PT-2023-9155 · Mosquitto+4 · Mosquitto+4

Publicado

2023-10-01

Atualizado

2025-03-10

CVE-2023-3592

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mosquitto versions prior to 2.0.16

Description A memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. This issue can be exploited by a remote attacker to cause a denial of service.

Recommendations For Mosquitto versions prior to 2.0.16, update to version 2.0.16 or later to resolve the memory leak issue. As a temporary workaround, consider restricting the handling of v5 CONNECT packets with will messages to minimize the risk of exploitation.

Correção

DoS

Memory Leak

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401

Identificadores relacionados

ALT-PU-2025-1041

ALT-PU-2025-3746

BDU:2024-04213

CVE-2023-3592

DSA-5511-1

OESA-2023-1772

OESA-2023-1773

OESA-2023-1774

OESA-2024-1022

OESA-2024-1026

OESA-2024-1028

OPENSUSE-SU-2024:13546-1

RHSA-2024:0797

RHSA-2024:1061

ROSA-SA-2025-2633

USN-6492-1

Produtos afetados

Alt Linux

Linuxmint

Mosquitto

Red Os

Ubuntu

PT-2023-9155 · Mosquitto+4 · Mosquitto+4

CVE-2023-3592

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 39