{"id":"CVE-2023-0809","details":"In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.","modified":"2026-05-15T11:53:07.378726793Z","published":"2023-10-02T18:56:26.824Z","related":["openSUSE-SU-2024:13546-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0809.json","unresolved_ranges":[{"extracted_events":[{"fixed":"2.0.16"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"fixed":"2.0.16"}],"source":"DESCRIPTION"}],"cna_assigner":"eclipse","cwe_ids":["CWE-789"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0809.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0809"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-09"},{"type":"ARTICLE","url":"https://mosquitto.org/blog/2023/08/version-2-0-16-released/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}]}