CVE-2025-56352: n/a
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.
AI Analysis
Technical Summary
The tinyMQTT broker, as of commit 6226ade15bd4f97be2d196352e64dd10937c1962, improperly handles a protocol violation scenario during CONNECT packet parsing. When a client sends a CONNECT packet with a zero-length Client ID and CleanSession set to 0, the broker correctly returns a CONNACK with return code 0x02 (Identifier Rejected) but fails to close the TCP connection explicitly. Because the connection teardown logic is not guaranteed to run, the socket remains open. Repeated invalid connection attempts cause accumulation of open sockets and memory usage, leading to server-side resource exhaustion and potential denial of service.
Potential Impact
The vulnerability allows an attacker to cause denial of service by exhausting server resources such as file descriptors and memory through repeated invalid CONNECT attempts with zero-length Client IDs and CleanSession set to 0. This does not involve code execution or data compromise but impacts availability of the MQTT broker service.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, administrators should consider implementing network-level protections such as rate limiting or connection limits to mitigate potential resource exhaustion from repeated invalid connection attempts.
CVE-2025-56352: n/a
Description
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The tinyMQTT broker, as of commit 6226ade15bd4f97be2d196352e64dd10937c1962, improperly handles a protocol violation scenario during CONNECT packet parsing. When a client sends a CONNECT packet with a zero-length Client ID and CleanSession set to 0, the broker correctly returns a CONNACK with return code 0x02 (Identifier Rejected) but fails to close the TCP connection explicitly. Because the connection teardown logic is not guaranteed to run, the socket remains open. Repeated invalid connection attempts cause accumulation of open sockets and memory usage, leading to server-side resource exhaustion and potential denial of service.
Potential Impact
The vulnerability allows an attacker to cause denial of service by exhausting server resources such as file descriptors and memory through repeated invalid CONNECT attempts with zero-length Client IDs and CleanSession set to 0. This does not involve code execution or data compromise but impacts availability of the MQTT broker service.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, administrators should consider implementing network-level protections such as rate limiting or connection limits to mitigate potential resource exhaustion from repeated invalid connection attempts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-08-16T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0b320aec166c07b0cf2a4d
Added to database: 5/18/2026, 3:36:42 PM
Last enriched: 5/18/2026, 3:51:51 PM
Last updated: 5/18/2026, 6:33:22 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.