Eclipse Mosquitto 0.3

CPE Details

Eclipse Mosquitto 0.3
eclipse
mosquitto
0.3
2018-07-17
15h42 +00:00
2018-07-17
15h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:eclipse:mosquitto:0.3:*:*:*:*:*:*:*

Informations

Vendor

eclipse

Product

mosquitto

Version

0.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-8376 2024-10-11 15h18 +00:00 In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
7.2
High
CVE-2023-5632 2023-10-18 08h34 +00:00 In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6
7.5
High
CVE-2023-3592 2023-10-02 19h01 +00:00 In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
7.5
High
CVE-2023-0809 2023-10-02 18h56 +00:00 In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
5.8
Medium
CVE-2021-34432 2021-07-27 13h25 +00:00 In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
7.5
High
CVE-2017-7653 2018-06-05 18h00 +00:00 The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
5.3
Medium
CVE-2017-7654 2018-06-05 18h00 +00:00 In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.
7.5
High
CVE-2017-7651 2018-04-24 12h00 +00:00 In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.
7.5
High
CVE-2017-7650 2017-09-11 16h00 +00:00 In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.
6.5
Medium
CVE-2017-9868 2017-06-25 12h00 +00:00 In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
5.5
Medium