CVE-2024-8376

Oct. 31, 2024, 10:15 a.m.

Product(s) Impacted

Eclipse Mosquitto

  • up to 2.0.18a

Description

In Eclipse Mosquitto up to version 2.0.18a, an attacker can cause a memory leak, a segmentation fault or a heap use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CWE ID: 401

Date

Published: Oct. 11, 2024, 4:15 p.m.

Last Modified: Oct. 31, 2024, 10:15 a.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

Source

emo@eclipse.org

References