CVE-2024-10525 – Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback
https://notcve.org/view.php?id=CVE-2024-10525
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients. En Eclipse Mosquitto, desde la versión 1.3.2 hasta la 2.0.18, si un agente malintencionado envía un paquete SUBACK manipulado sin códigos de motivo, un cliente que utilice libmosquitto puede realizar un acceso a la memoria fuera de los límites cuando actúe en su devolución de llamada on_subscribe. Esto afecta a los clientes mosquitto_sub y mosquitto_rr. • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190 https://mosquitto.org/blog/2024/10/version-2-0-19-released https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c • CWE-122: Heap-based Buffer Overflow •
CVE-2023-5632 – Unconditionally adding an event to the epoll causes excessive CPU consumption
https://notcve.org/view.php?id=CVE-2023-5632
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6 En Eclipse Mosquito anterior a 2.0.5 incluida, establecer una conexión con el servidor mosquitto sin enviar datos provoca que se agregue el evento EPOLLOUT, lo que resulta en un consumo excesivo de CPU. Esto podría ser utilizado por un actor malintencionado para realizar un ataque de tipo de denegación de servicio. Este problema se solucionó en 2.0.6. • https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d https://github.com/eclipse/mosquitto/pull/2053 • CWE-834: Excessive Iteration •
CVE-2023-0809 – mosquitto: memory leak leads to unresponsive broker
https://notcve.org/view.php?id=CVE-2023-0809
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. En Mosquitto anterior a 2.0.16, el exceso de memoria se asigna en función de paquetes iniciales maliciosos que no son paquetes CONNECT. A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition. • https://mosquitto.org/blog/2023/08/version-2-0-16-released https://security.gentoo.org/glsa/202401-09 https://access.redhat.com/security/cve/CVE-2023-0809 https://bugzilla.redhat.com/show_bug.cgi?id=2236882 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVE-2023-3592 – mosquitto: memory leak leads to unresponsive broker
https://notcve.org/view.php?id=CVE-2023-3592
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. En Mosquitto anterior a 2.0.16, se produce una pérdida de memoria cuando los clientes envían paquetes CONNECT v5 con un mensaje de voluntad que contiene tipos de propiedades no válidos. A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition. • https://mosquitto.org/blog/2023/08/version-2-0-16-released https://security.gentoo.org/glsa/202401-09 https://access.redhat.com/security/cve/CVE-2023-3592 https://bugzilla.redhat.com/show_bug.cgi?id=2236882 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-28366 – mosquitto: memory leak leads to unresponsive broker
https://notcve.org/view.php?id=CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. El intermediario en Eclipse Mosquitto 1.3.2 hasta 2.x anterior a 2.0.16 tiene una pérdida de memoria de la que se puede abusar de forma remota cuando un cliente envía muchos mensajes QoS 2 con ID de mensajes duplicados y no responde a los comandos PUBREC. Esto ocurre debido a un mal manejo de EAGAIN desde la función de envío de libc. A memory leak vulnerability was found in Eclipse Mosquitto. • https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9 https://github.com/eclipse/mosquitto/compare/v2.0.15...v2.0.16 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X https://mosquitto.org/blog/2023/08/version-2-0-16-released https://security.gentoo.org/glsa/202401-09 https://www.compass-security.com/fileadmin/Research/Advisories/2023_02_CSNC-2023-001_Eclipse_Mosquitto_Memory_Leak.txt https://www.debian • CWE-401: Missing Release of Memory after Effective Lifetime •