CVE-2024-3935
Eclipse Mosquitto: Double free vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
In Eclipse Mosquitto versions 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then a crafted PUBLISH packet sent by the remote connection to the broker causes a double free, followed by a crash of the broker.
SSVC
- Decision: Attend
Timeline
- 2024-04-17 CVE Reserved
- 2024-10-30 CVE Published
- 2024-10-31 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-415: Double Free
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Eclipse Foundation | Mosquitto | >= 2.0.0 <= 2.0.18 | en | Affected