Vulnerability Description
In Eclipse Mosquitto up to version 2.0.18a, an attacker can cause a memory leak, a segmentation fault or a heap use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Mosquitto | < 2.0.19 |
References
- https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbf (Patch)
- https://github.com/eclipse/mosquitto/releases/tag/v2.0.19 (Patch, Product)
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/26 (Issue Tracking)
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216 (Issue Tracking)
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217 (Issue Tracking)
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218 (Issue Tracking)
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227 (Issue Tracking)
- https://mosquitto.org/ (Product)
FAQ
What is CVE-2024-8376?
CVE-2024-8376 is a vulnerability with a CVSS score of 7.5 (HIGH). In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UN...
How severe is CVE-2024-8376?
CVE-2024-8376 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8376?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Mosquitto.