PRIOn knowledge base: PRION:CVE-2023-28366
History: Sep 01, 2023 - 4:15 p.m.

Memory corruption

PRIOn knowledge base
www.prio-n.com
Tags: memory corruption, eclipse mosquitto, remote abuse, qos 2 messages, duplicate message ids, pubrec commands, eagain mishandling, memory leak vulnerability

AI Score: 7.2
Confidence: High
EPSS: 0.001
Percentile: 41.2%

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.

Affected CPE

Name        Operator   Version
mosquitto   ge         1.3.2
mosquitto   lt         2.0.16