CVE-2024-8376

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
11/10/2024
Last modified:
15/11/2024

Description

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:* 2.0.19 (excluding)