Eclipse Mosquitto 1.6.5

CPE Details

Eclipse Mosquitto 1.6.5
eclipse
mosquitto
1.6.5
2019-09-19
14h18 +00:00
2019-09-19
14h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:eclipse:mosquitto:1.6.5:*:*:*:*:*:*:*

Informations

Vendor

eclipse

Product

mosquitto

Version

1.6.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-10525 2024-10-30 11h41 +00:00 In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
7.2
High
CVE-2024-8376 2024-10-11 15h18 +00:00 In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
7.2
High
CVE-2023-5632 2023-10-18 08h34 +00:00 In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6
7.5
High
CVE-2023-3592 2023-10-02 19h01 +00:00 In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
7.5
High
CVE-2023-0809 2023-10-02 18h56 +00:00 In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
5.8
Medium
CVE-2023-28366 2023-08-31 22h00 +00:00 The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
7.5
High
CVE-2021-41039 2021-11-30 23h00 +00:00 In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
7.5
High
CVE-2021-34432 2021-07-27 13h25 +00:00 In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
7.5
High
CVE-2021-34431 2021-07-22 11h45 +00:00 In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.
6.5
Medium
CVE-2019-11779 2019-09-19 11h30 +00:00 In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
6.5
Medium