Mosquitto@2.0.0 Security Vulnerabilities and Issues — Mosquitto@2.0.0 CVE List

Lucene search

EclipseMosquitto2.0.0

3 matches found

CVE•added 2021/08/30 8:15 p.m.•100 views

CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

5.3CVSS5.3AI score0.00261EPSS

CVE•added 2021/04/07 7:15 p.m.•67 views

CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

6.5CVSS6.2AI score0.00515EPSS

CVE•added 2024/10/30 12:15 p.m.•59 views

CVE-2024-3935

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the br...

6.5CVSS7.4AI score0.0053EPSS