CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3935 – Eclipse Mosquito: Double free vulnerability
https://notcve.org/view.php?id=CVE-2024-3935
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker. En Eclipse Mosquito, versiones desde 2.0.0 hasta 2.0.18, si un agente Mosquitto está configurado para crear una conexión de puente saliente y esa conexión de puente tiene un tema entrante configurado que hace uso de reasignación de temas, entonces si la conexión remota envía un paquete PUBLISH manipulado al agente, se producirá una doble liberación con un bloqueo posterior del agente. • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197 https://mosquitto.org/blog/2024/10/version-2-0-19-released https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9 • CWE-415: Double Free •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10525 – Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback
https://notcve.org/view.php?id=CVE-2024-10525
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients. En Eclipse Mosquitto, desde la versión 1.3.2 hasta la 2.0.18, si un agente malintencionado envía un paquete SUBACK manipulado sin códigos de motivo, un cliente que utilice libmosquitto puede realizar un acceso a la memoria fuera de los límites cuando actúe en su devolución de llamada on_subscribe. Esto afecta a los clientes mosquitto_sub y mosquitto_rr. • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190 https://mosquitto.org/blog/2024/10/version-2-0-19-released https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8376 – Memory leak
https://notcve.org/view.php?id=CVE-2024-8376
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets. • https://github.com/eclipse/mosquitto/releases/tag/v2.0.19 https://gitlab.eclipse.org/security/cve-assignement/-/issues/26 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227 https://mosquitto.org https://github.com/eclipse-mosquitto/mosquitto/commit/1914 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-416: Use After Free CWE-755: Improper Handling of Exceptional Conditions •