4 matches found
CVE-2023-0809
Eclipse Mosquitto CVE-2023-0809 affects Mosquitto 2.0.x up to before 2.0.16, where memory is excessively allocated by malicious initial packets that are not CONNECT packets. Several connected advisories document a memory leak that can lead to broker unresponsiveness (notably CVE-2023-0809 alongsi...
CVE-2023-3592
Eclipse Mosquitto CVE-2023-3592 affects Mosquitto prior to 2.0.16, where a memory leak occurs when clients send v5 CONNECT packets with a will message containing invalid property types. This memory leak can lead to broker unresponsiveness/DoS. Remediation from related advisories indicates upgradi...
CVE-2024-8376
CVE-2024-8376 affects Eclipse Mosquitto up to version 2.0.18a, where an attacker can trigger memory leaking, segmentation fault or heap-use-after-free by sending crafted sequences of MQTT packets (CONNECT, DISCONNECT, SUBSCRIBE, UNSUBSCRIBE, PUBLISH). Public documents consistently cite these symp...
CVE-2017-7650
CVE-2017-7650 affects Eclipse Mosquitto up to version 1.4.11 (before 1.4.12). The vulnerability arises from pattern-based ACLs that can be bypassed when clients set their username or client id to '#' or '+', allowing locally or remotely connected clients to access MQTT topics they should not be a...