81 matches found
CVE-2023-28366
A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service conditi...
CVE-2023-28366
creationtimestamp| type| source ---|---|--- 2023-09-01 20:15:10+00:00| seen| https://t.me/cibsecurity/69660...
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
Fedora 38 : libwebsockets / mosquitto (2023-6a87c003c4)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-6a87c003c4 advisory. 2.0.17 Broker: Fix maxqueuedmessages 0 stopping clients from receiving messages Fix maxinflightmessages not being set correctly. Apps: Fix...
BELL-CVE-2023-28366 CVE-2023-28366 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2020-28366 CVE-2020-28366 does not affect BellSoft software
Bulletin has no description...
SUSE CVE-2020-28366
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...
Design/Logic Flaw
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction PI data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...
CVE-2022-29546
CVE-2022-29546 : HtmlUnit NekoHtml Parser before 2.61.0 has a denial-of-service vulnerability via crafted Processing Instructions that triggers heap memory consumption. The issue is triggered during PI data parsing and is described as similar to CVE-2022-28366 but affecting a much newer version. ...
at.willhaben.willtest:browserstack (>=1.0.0 <=1.1.8), at.willhaben.willtest:core (>=1.0.0 <=1.1.8) +417 more potentially affected by CVE-2022-28366 via net.sourceforge.htmlunit:neko-htmlunit (>=2.21 <=2.25)
net.sourceforge.htmlunit:neko-htmlunit MAVEN version =2.21, =1.0.0, =1.0.0, =1.0.0, =1, =0.0.10, =0.14, =1.0, =3.6.1, =2.60, =0.0.1, =16.07.16, =16.10.21 and more Source cves: CVE-2022-28366 Source advisory: OSV:GHSA-G9HH-VVX3-V37V...
CVE-2022-28366
creationtimestamp| type| source ---|---|--- 2022-04-22 02:27:10+00:00| seen| https://t.me/cibsecurity/41295...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
CVE-2022-28366
CVE-2022-28366 affects Neko HTML parsers used by HtmlUnit-Neko (up to 2.26; fixed in 2.27) and by CyberNeko HTML (up to 1.9.22; 1.9.22 is the last release). The issue is a denial of service via crafted Processing Instruction input that leads to excessive heap memory consumption. OWASP AntiSamy be...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
CVE-2022-29280
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28366. Reason: This candidate is a reservation duplicate of CVE-2022-28366. Notes: All CVE users should reference CVE-2022-28366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...