Comments: Synopsys discovers potential DDoS vulnerability in 3 open-source MQTT message brokers that could compromise IoT devices

Comments by: Jonathan Knudsen, Senior Security Strategist, at Synopsys Software Integrity Group

Message brokers are software applications that serve as a messaging hub for complex systems. They provide reliable communication channels between different components, serving as the nerve center of a complex system. As such, message brokers can also be a central point of failure. If the message broker dies, system components won’t be able to communicate.

CVE-2021-22116, CVE-2021-33175, and CVE-2021-33176 are denial-of-service vulnerabilities in three popular open source message brokers. They give attackers the opportunity to disable the message brokers, a denial-of-service attack that could have serious consequences.

Open source message brokers, like other open source components, offer amazing functionality, but must be managed properly. When new vulnerabilities are discovered, the organisation must make sure to update open source components to versions in which known vulnerabilities are fixed. Software Composition Analysis (SCA) tools automate much of this work and can automatically notify development or operations teams when new vulnerabilities are discovered in any used open source components.