[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-0809":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":413,"aliases":414,"duplicate_of":9,"upstream":415,"downstream":416,"duplicates":431,"related":432,"reserved_at":9,"published_at":433,"modified_at":434,"state":435,"summary":436,"references_raw":445,"kevs":456,"epss":457,"epss_history":460,"metrics":726,"affected":736},"CVE-2023-0809","In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.",null,[11,19],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-789","Memory Allocation with Excessive Size Value","The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.","weakness","Draft","Variant",[],{"_key":20,"id":20,"name":21,"description":22,"type":15,"status":23,"abstraction":24,"likelihood_of_exploit":25,"capec":26},"CWE-770","Allocation of Resources Without Limits or Throttling","The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.","Incomplete","Base","High",[27,113,123,127,131,135,139,143,175,237,241,245,275,305,337,341,345,349,353,357],{"id":28,"name":29,"techniques":30},"CAPEC-125","Flooding",[31,85],{"id":32,"name":33,"tactics":34,"countermeasures":38},"T1498.001","Direct Network Flood",[35],{"id":36,"name":37},"TA0105","Impact",[39,44,48,52,56,60,64,68,72,76,81],{"id":40,"name":41,"tactic":42},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":43},"Detect",{"id":45,"name":46,"tactic":47},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":43},{"id":49,"name":50,"tactic":51},"D3-CSPP","Client-server Payload Profiling",{"name":43},{"id":53,"name":54,"tactic":55},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":43},{"id":57,"name":58,"tactic":59},"D3-NTSA","Network Traffic Signature Analysis",{"name":43},{"id":61,"name":62,"tactic":63},"D3-APCA","Application Protocol Command Analysis",{"name":43},{"id":65,"name":66,"tactic":67},"D3-NTCD","Network Traffic Community Deviation",{"name":43},{"id":69,"name":70,"tactic":71},"D3-RTSD","Remote Terminal Session Detection",{"name":43},{"id":73,"name":74,"tactic":75},"D3-ISVA","Inbound Session Volume Analysis",{"name":43},{"id":77,"name":78,"tactic":79},"D3-NTF","Network Traffic Filtering",{"name":80},"Isolate",{"id":82,"name":83,"tactic":84},"D3-ITF","Inbound Traffic Filtering",{"name":80},{"id":86,"name":87,"tactics":88,"countermeasures":90},"T1499","Endpoint Denial of Service",[89],{"id":36,"name":37},[91,93,95,97,99,101,103,105,107,109,111],{"id":40,"name":41,"tactic":92},{"name":43},{"id":45,"name":46,"tactic":94},{"name":43},{"id":49,"name":50,"tactic":96},{"name":43},{"id":53,"name":54,"tactic":98},{"name":43},{"id":57,"name":58,"tactic":100},{"name":43},{"id":61,"name":62,"tactic":102},{"name":43},{"id":65,"name":66,"tactic":104},{"name":43},{"id":69,"name":70,"tactic":106},{"name":43},{"id":73,"name":74,"tactic":108},{"name":43},{"id":77,"name":78,"tactic":110},{"name":80},{"id":82,"name":83,"tactic":112},{"name":80},{"id":114,"name":115,"techniques":116},"CAPEC-130","Excessive Allocation",[117],{"id":118,"name":119,"tactics":120,"countermeasures":122},"T1499.003","Application Exhaustion Flood",[121],{"id":36,"name":37},[],{"id":124,"name":125,"techniques":126},"CAPEC-147","XML Ping of the Death",[],{"id":128,"name":129,"techniques":130},"CAPEC-197","Exponential Data Expansion",[],{"id":132,"name":133,"techniques":134},"CAPEC-229","Serialized Data Parameter Blowup",[],{"id":136,"name":137,"techniques":138},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":140,"name":141,"techniques":142},"CAPEC-231","Oversized Serialized Data Payloads",[],{"id":144,"name":145,"techniques":146},"CAPEC-469","HTTP DoS",[147],{"id":148,"name":149,"tactics":150,"countermeasures":152},"T1499.002","Service Exhaustion Flood",[151],{"id":36,"name":37},[153,155,157,159,161,163,165,167,169,171,173],{"id":40,"name":41,"tactic":154},{"name":43},{"id":45,"name":46,"tactic":156},{"name":43},{"id":49,"name":50,"tactic":158},{"name":43},{"id":53,"name":54,"tactic":160},{"name":43},{"id":57,"name":58,"tactic":162},{"name":43},{"id":61,"name":62,"tactic":164},{"name":43},{"id":65,"name":66,"tactic":166},{"name":43},{"id":69,"name":70,"tactic":168},{"name":43},{"id":73,"name":74,"tactic":170},{"name":43},{"id":77,"name":78,"tactic":172},{"name":80},{"id":82,"name":83,"tactic":174},{"name":80},{"id":176,"name":177,"techniques":178},"CAPEC-482","TCP Flood",[179,205,211],{"id":32,"name":33,"tactics":180,"countermeasures":182},[181],{"id":36,"name":37},[183,185,187,189,191,193,195,197,199,201,203],{"id":40,"name":41,"tactic":184},{"name":43},{"id":45,"name":46,"tactic":186},{"name":43},{"id":49,"name":50,"tactic":188},{"name":43},{"id":53,"name":54,"tactic":190},{"name":43},{"id":57,"name":58,"tactic":192},{"name":43},{"id":61,"name":62,"tactic":194},{"name":43},{"id":65,"name":66,"tactic":196},{"name":43},{"id":69,"name":70,"tactic":198},{"name":43},{"id":73,"name":74,"tactic":200},{"name":43},{"id":77,"name":78,"tactic":202},{"name":80},{"id":82,"name":83,"tactic":204},{"name":80},{"id":206,"name":207,"tactics":208,"countermeasures":210},"T1499.001","OS Exhaustion Flood",[209],{"id":36,"name":37},[],{"id":148,"name":149,"tactics":212,"countermeasures":214},[213],{"id":36,"name":37},[215,217,219,221,223,225,227,229,231,233,235],{"id":40,"name":41,"tactic":216},{"name":43},{"id":45,"name":46,"tactic":218},{"name":43},{"id":49,"name":50,"tactic":220},{"name":43},{"id":53,"name":54,"tactic":222},{"name":43},{"id":57,"name":58,"tactic":224},{"name":43},{"id":61,"name":62,"tactic":226},{"name":43},{"id":65,"name":66,"tactic":228},{"name":43},{"id":69,"name":70,"tactic":230},{"name":43},{"id":73,"name":74,"tactic":232},{"name":43},{"id":77,"name":78,"tactic":234},{"name":80},{"id":82,"name":83,"tactic":236},{"name":80},{"id":238,"name":239,"techniques":240},"CAPEC-486","UDP Flood",[],{"id":242,"name":243,"techniques":244},"CAPEC-487","ICMP Flood",[],{"id":246,"name":247,"techniques":248},"CAPEC-488","HTTP Flood",[249],{"id":148,"name":149,"tactics":250,"countermeasures":252},[251],{"id":36,"name":37},[253,255,257,259,261,263,265,267,269,271,273],{"id":40,"name":41,"tactic":254},{"name":43},{"id":45,"name":46,"tactic":256},{"name":43},{"id":49,"name":50,"tactic":258},{"name":43},{"id":53,"name":54,"tactic":260},{"name":43},{"id":57,"name":58,"tactic":262},{"name":43},{"id":61,"name":62,"tactic":264},{"name":43},{"id":65,"name":66,"tactic":266},{"name":43},{"id":69,"name":70,"tactic":268},{"name":43},{"id":73,"name":74,"tactic":270},{"name":43},{"id":77,"name":78,"tactic":272},{"name":80},{"id":82,"name":83,"tactic":274},{"name":80},{"id":276,"name":277,"techniques":278},"CAPEC-489","SSL Flood",[279],{"id":148,"name":149,"tactics":280,"countermeasures":282},[281],{"id":36,"name":37},[283,285,287,289,291,293,295,297,299,301,303],{"id":40,"name":41,"tactic":284},{"name":43},{"id":45,"name":46,"tactic":286},{"name":43},{"id":49,"name":50,"tactic":288},{"name":43},{"id":53,"name":54,"tactic":290},{"name":43},{"id":57,"name":58,"tactic":292},{"name":43},{"id":61,"name":62,"tactic":294},{"name":43},{"id":65,"name":66,"tactic":296},{"name":43},{"id":69,"name":70,"tactic":298},{"name":43},{"id":73,"name":74,"tactic":300},{"name":43},{"id":77,"name":78,"tactic":302},{"name":80},{"id":82,"name":83,"tactic":304},{"name":80},{"id":306,"name":307,"techniques":308},"CAPEC-490","Amplification",[309],{"id":310,"name":311,"tactics":312,"countermeasures":314},"T1498.002","Reflection Amplification",[313],{"id":36,"name":37},[315,317,319,321,323,325,327,329,331,333,335],{"id":40,"name":41,"tactic":316},{"name":43},{"id":45,"name":46,"tactic":318},{"name":43},{"id":49,"name":50,"tactic":320},{"name":43},{"id":53,"name":54,"tactic":322},{"name":43},{"id":57,"name":58,"tactic":324},{"name":43},{"id":61,"name":62,"tactic":326},{"name":43},{"id":65,"name":66,"tactic":328},{"name":43},{"id":69,"name":70,"tactic":330},{"name":43},{"id":73,"name":74,"tactic":332},{"name":43},{"id":77,"name":78,"tactic":334},{"name":80},{"id":82,"name":83,"tactic":336},{"name":80},{"id":338,"name":339,"techniques":340},"CAPEC-491","Quadratic Data Expansion",[],{"id":342,"name":343,"techniques":344},"CAPEC-493","SOAP Array Blowup",[],{"id":346,"name":347,"techniques":348},"CAPEC-494","TCP Fragmentation",[],{"id":350,"name":351,"techniques":352},"CAPEC-495","UDP Fragmentation",[],{"id":354,"name":355,"techniques":356},"CAPEC-496","ICMP Fragmentation",[],{"id":358,"name":359,"techniques":360},"CAPEC-528","XML Flood",[361,387],{"id":148,"name":149,"tactics":362,"countermeasures":364},[363],{"id":36,"name":37},[365,367,369,371,373,375,377,379,381,383,385],{"id":40,"name":41,"tactic":366},{"name":43},{"id":45,"name":46,"tactic":368},{"name":43},{"id":49,"name":50,"tactic":370},{"name":43},{"id":53,"name":54,"tactic":372},{"name":43},{"id":57,"name":58,"tactic":374},{"name":43},{"id":61,"name":62,"tactic":376},{"name":43},{"id":65,"name":66,"tactic":378},{"name":43},{"id":69,"name":70,"tactic":380},{"name":43},{"id":73,"name":74,"tactic":382},{"name":43},{"id":77,"name":78,"tactic":384},{"name":80},{"id":82,"name":83,"tactic":386},{"name":80},{"id":32,"name":33,"tactics":388,"countermeasures":390},[389],{"id":36,"name":37},[391,393,395,397,399,401,403,405,407,409,411],{"id":40,"name":41,"tactic":392},{"name":43},{"id":45,"name":46,"tactic":394},{"name":43},{"id":49,"name":50,"tactic":396},{"name":43},{"id":53,"name":54,"tactic":398},{"name":43},{"id":57,"name":58,"tactic":400},{"name":43},{"id":61,"name":62,"tactic":402},{"name":43},{"id":65,"name":66,"tactic":404},{"name":43},{"id":69,"name":70,"tactic":406},{"name":43},{"id":73,"name":74,"tactic":408},{"name":43},{"id":77,"name":78,"tactic":410},{"name":80},{"id":82,"name":83,"tactic":412},{"name":80},[],[],[],[417,419,421,423,425,427,429],{"_key":418},"ALPINE-CVE-2023-0809",{"_key":420},"DSA-5511-1",{"_key":422},"RHSA-2024:1061",{"_key":424},"USN-6492-1",{"_key":426},"UBUNTU-CVE-2023-0809",{"_key":428},"DEBIAN-CVE-2023-0809",{"_key":430},"RHSA-2024:0797",[],[],"2023-10-02T18:56:26.824Z","2025-02-13T16:39:08.267Z","Modified",{"cisa_kev":437,"cisa_ransomware":437,"cisa_vendor":9,"epss_severity":438,"epss_score":439,"severity":440,"severity_score":441,"severity_version":442,"severity_source":443,"severity_vector":444,"severity_status":435},false,"low",0.00051,"medium",5.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",[446,452],{"url":447,"sources":448,"tags":450},"https://mosquitto.org/blog/2023/08/version-2-0-16-released/",[443,449],"nvd",[451],"Release Notes",{"url":453,"sources":454,"tags":455},"https://security.gentoo.org/glsa/202401-09",[443,449],[],[],{"date":458,"score":439,"percentile":459},"2026-06-04",0.16096,[461,465,468,471,474,477,480,483,486,489,492,495,498,501,504,508,511,514,517,520,523,526,529,531,533,536,539,542,545,548,551,554,557,560,563,566,569,572,575,578,581,584,587,590,593,596,599,602,605,608,611,614,617,620,624,627,630,633,635,638,641,644,646,649,652,654,657,660,663,666,669,672,674,676,679,682,685,688,691,694,697,700,703,706,709,712,715,717,720,723],{"date":462,"score":463,"percentile":464},"2025-11-04",0.00029,0.07195,{"date":466,"score":463,"percentile":467},"2025-11-05",0.07211,{"date":469,"score":463,"percentile":470},"2025-11-06",0.07328,{"date":472,"score":463,"percentile":473},"2025-11-07",0.07351,{"date":475,"score":463,"percentile":476},"2025-11-08",0.07345,{"date":478,"score":463,"percentile":479},"2025-11-09",0.07317,{"date":481,"score":463,"percentile":482},"2025-11-10",0.07278,{"date":484,"score":463,"percentile":485},"2025-11-11",0.07267,{"date":487,"score":463,"percentile":488},"2025-11-12",0.07234,{"date":490,"score":463,"percentile":491},"2025-11-13",0.07265,{"date":493,"score":463,"percentile":494},"2025-11-14",0.07308,{"date":496,"score":463,"percentile":497},"2025-11-15",0.0734,{"date":499,"score":463,"percentile":500},"2025-11-16",0.07349,{"date":502,"score":463,"percentile":503},"2025-11-17",0.07339,{"date":505,"score":506,"percentile":507},"2025-11-18",0.00371,0.56044,{"date":509,"score":506,"percentile":510},"2025-11-19",0.5606,{"date":512,"score":506,"percentile":513},"2025-11-20",0.5605,{"date":515,"score":463,"percentile":516},"2025-11-21",0.07457,{"date":518,"score":463,"percentile":519},"2025-11-22",0.07463,{"date":521,"score":463,"percentile":522},"2025-11-23",0.07458,{"date":524,"score":463,"percentile":525},"2025-11-24",0.07448,{"date":527,"score":463,"percentile":528},"2025-11-25",0.0745,{"date":530,"score":463,"percentile":516},"2025-11-26",{"date":532,"score":463,"percentile":522},"2025-11-27",{"date":534,"score":463,"percentile":535},"2025-11-28",0.07438,{"date":537,"score":463,"percentile":538},"2025-11-29",0.07476,{"date":540,"score":463,"percentile":541},"2025-11-30",0.07485,{"date":543,"score":463,"percentile":544},"2025-12-01",0.07522,{"date":546,"score":463,"percentile":547},"2025-12-02",0.07538,{"date":549,"score":463,"percentile":550},"2025-12-03",0.07558,{"date":552,"score":463,"percentile":553},"2025-12-04",0.07545,{"date":555,"score":463,"percentile":556},"2025-12-05",0.07594,{"date":558,"score":463,"percentile":559},"2025-12-06",0.07607,{"date":561,"score":463,"percentile":562},"2025-12-07",0.07608,{"date":564,"score":463,"percentile":565},"2025-12-08",0.07618,{"date":567,"score":463,"percentile":568},"2025-12-09",0.0767,{"date":570,"score":463,"percentile":571},"2025-12-10",0.07739,{"date":573,"score":463,"percentile":574},"2025-12-11",0.07781,{"date":576,"score":463,"percentile":577},"2025-12-12",0.07795,{"date":579,"score":463,"percentile":580},"2025-12-13",0.07763,{"date":582,"score":463,"percentile":583},"2025-12-14",0.07746,{"date":585,"score":463,"percentile":586},"2025-12-15",0.07688,{"date":588,"score":463,"percentile":589},"2025-12-16",0.0772,{"date":591,"score":463,"percentile":592},"2025-12-17",0.07802,{"date":594,"score":463,"percentile":595},"2025-12-18",0.07866,{"date":597,"score":463,"percentile":598},"2025-12-19",0.07858,{"date":600,"score":463,"percentile":601},"2025-12-20",0.07849,{"date":603,"score":463,"percentile":604},"2025-12-21",0.07822,{"date":606,"score":463,"percentile":607},"2025-12-22",0.07771,{"date":609,"score":463,"percentile":610},"2025-12-23",0.07778,{"date":612,"score":463,"percentile":613},"2025-12-24",0.078,{"date":615,"score":463,"percentile":616},"2025-12-25",0.07875,{"date":618,"score":463,"percentile":619},"2025-12-26",0.07883,{"date":621,"score":622,"percentile":623},"2025-12-27",0.00028,0.07203,{"date":625,"score":463,"percentile":626},"2025-12-28",0.07885,{"date":628,"score":463,"percentile":629},"2025-12-29",0.07864,{"date":631,"score":463,"percentile":632},"2025-12-30",0.07841,{"date":634,"score":463,"percentile":616},"2025-12-31",{"date":636,"score":463,"percentile":637},"2026-01-01",0.07942,{"date":639,"score":463,"percentile":640},"2026-01-02",0.07944,{"date":642,"score":463,"percentile":643},"2026-01-03",0.07946,{"date":645,"score":463,"percentile":619},"2026-01-04",{"date":647,"score":463,"percentile":648},"2026-01-05",0.0783,{"date":650,"score":463,"percentile":651},"2026-01-06",0.07816,{"date":653,"score":463,"percentile":601},"2026-01-07",{"date":655,"score":463,"percentile":656},"2026-01-08",0.07926,{"date":658,"score":463,"percentile":659},"2026-01-09",0.07941,{"date":661,"score":463,"percentile":662},"2026-01-10",0.07963,{"date":664,"score":463,"percentile":665},"2026-01-11",0.07951,{"date":667,"score":463,"percentile":668},"2026-01-12",0.07928,{"date":670,"score":463,"percentile":671},"2026-01-13",0.07898,{"date":673,"score":463,"percentile":668},"2026-01-14",{"date":675,"score":463,"percentile":656},"2026-01-15",{"date":677,"score":463,"percentile":678},"2026-01-16",0.07947,{"date":680,"score":463,"percentile":681},"2026-01-17",0.07959,{"date":683,"score":463,"percentile":684},"2026-01-18",0.07936,{"date":686,"score":463,"percentile":687},"2026-01-19",0.07899,{"date":689,"score":463,"percentile":690},"2026-01-20",0.0786,{"date":692,"score":463,"percentile":693},"2026-01-21",0.07842,{"date":695,"score":463,"percentile":696},"2026-01-22",0.07833,{"date":698,"score":463,"percentile":699},"2026-01-23",0.07927,{"date":701,"score":463,"percentile":702},"2026-01-24",0.07976,{"date":704,"score":463,"percentile":705},"2026-01-25",0.07953,{"date":707,"score":463,"percentile":708},"2026-01-26",0.07915,{"date":710,"score":463,"percentile":711},"2026-01-27",0.07906,{"date":713,"score":463,"percentile":714},"2026-01-28",0.0787,{"date":716,"score":463,"percentile":601},"2026-01-29",{"date":718,"score":463,"percentile":719},"2026-01-30",0.07863,{"date":721,"score":463,"percentile":722},"2026-01-31",0.07884,{"date":724,"score":463,"percentile":725},"2026-02-01",0.07905,[727,732],{"source":443,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":728,"cvss_v4_0":9},{"baseScore":441,"baseSeverity":729,"vectorString":444,"impactScore":730,"exploitabilityScore":731},"MEDIUM",2.3,10,{"source":449,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":733,"cvss_v4_0":9},{"baseScore":734,"baseSeverity":729,"vectorString":735,"impactScore":730,"exploitabilityScore":731},5.3,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",[737],{"ecosystem":9,"name":738,"vendor":739,"product":738,"cpe_part":740,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":741},"mosquitto","eclipse","a",[742],{"version":743,"is_range":744,"range_type":745,"version_start":9,"version_start_type":9,"version_end":746,"version_end_type":747,"fixed_in":9},"lt2.0.16",true,"cpe","2.0.16","excluding"]