CVE-2024-8376 - Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH
Summary
In Eclipse Mosquitto up to version 2.0.18a, an attacker can cause a memory leak, a segmentation fault or a heap use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/26
- https://github.com/eclipse/mosquitto/releases/tag/v2.0.19
- https://mosquitto.org/
- https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17