Lucene search
K

4 matches found

CVE
CVE
added 2023/10/02 6:56 p.m.338 views

CVE-2023-0809

Eclipse Mosquitto CVE-2023-0809 affects Mosquitto 2.0.x up to before 2.0.16, where memory is excessively allocated by malicious initial packets that are not CONNECT packets. Several connected advisories document a memory leak that can lead to broker unresponsiveness (notably CVE-2023-0809 alongsi...

5.8CVSS6AI score0.00608EPSS
CVE
CVE
added 2023/10/02 7:1 p.m.207 views

CVE-2023-3592

Eclipse Mosquitto CVE-2023-3592 affects Mosquitto prior to 2.0.16, where a memory leak occurs when clients send v5 CONNECT packets with a will message containing invalid property types. This memory leak can lead to broker unresponsiveness/DoS. Remediation from related advisories indicates upgradi...

7.5CVSS6.4AI score0.00675EPSS
CVE
CVE
added 2024/10/11 3:18 p.m.144 views

CVE-2024-8376

CVE-2024-8376 affects Eclipse Mosquitto up to version 2.0.18a, where an attacker can trigger memory leaking, segmentation fault or heap-use-after-free by sending crafted sequences of MQTT packets (CONNECT, DISCONNECT, SUBSCRIBE, UNSUBSCRIBE, PUBLISH). Public documents consistently cite these symp...

7.5CVSS7.5AI score0.00748EPSS
CVE
CVE
added 2017/09/11 4:0 p.m.110 views

CVE-2017-7650

CVE-2017-7650 affects Eclipse Mosquitto up to version 1.4.11 (before 1.4.12). The vulnerability arises from pattern-based ACLs that can be bypassed when clients set their username or client id to '#' or '+', allowing locally or remotely connected clients to access MQTT topics they should not be a...

6.5CVSS6.2AI score0.02472EPSS