CVE-2024-8376
Oct. 31, 2024, 10:15 a.m.
Tags
Product(s) Impacted
Eclipse Mosquitto
- up to 2.0.18a
Description
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Weaknesses
CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
CWE ID: 401Date
Published: Oct. 11, 2024, 4:15 p.m.
Last Modified: Oct. 31, 2024, 10:15 a.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
emo@eclipse.org
References
https://github.com/
emo@eclipse.org
https://github.com/
emo@eclipse.org
https://gitlab.eclipse.org/
emo@eclipse.org
https://gitlab.eclipse.org/
emo@eclipse.org
https://gitlab.eclipse.org/
emo@eclipse.org
https://gitlab.eclipse.org/
emo@eclipse.org
https://gitlab.eclipse.org/
emo@eclipse.org
https://mosquitto.org/
emo@eclipse.org