Vulnerabilities > Eclipse > Mosquitto > 2.0.16

DATE CVE VULNERABILITY TITLE RISK
2024-10-30 CVE-2024-10525 Out-of-bounds Write vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback.
network
low complexity
eclipse CWE-787
critical
9.8
2024-10-30 CVE-2024-3935 Double Free vulnerability in Eclipse Mosquitto
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
network
low complexity
eclipse CWE-415
6.5
2024-10-11 CVE-2024-8376 Improper Handling of Exceptional Conditions vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
network
low complexity
eclipse CWE-755
7.5