Vulnerabilities > Eclipse > Mosquitto > 0.8.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-11 | CVE-2024-8376 | Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | 7.5 |
| 2023-10-18 | CVE-2023-5632 | Excessive Iteration vulnerability in Eclipse Mosquitto In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. | 7.5 |
| 2023-10-02 | CVE-2023-3592 | Memory Leak vulnerability in Eclipse Mosquitto In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. | 7.5 |
| 2023-10-02 | CVE-2023-0809 | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | 5.3 |
| 2021-07-27 | CVE-2021-34432 | Unspecified vulnerability in Eclipse Mosquitto In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. | 7.5 |
| 2018-06-05 | CVE-2017-7654 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. | 7.5 |
| 2018-06-05 | CVE-2017-7653 | Improper Input Validation vulnerability in multiple products The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. | 5.3 |
| 2018-04-24 | CVE-2017-7651 | Resource Exhaustion vulnerability in multiple products In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. | 7.5 |
| 2017-09-11 | CVE-2017-7650 | Improper Authentication vulnerability in multiple products In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. | 6.5 |
| 2017-06-25 | CVE-2017-9868 | Information Exposure vulnerability in multiple products In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | 5.5 |