Eclipse · Eclipse Mosquitto · CVE-2024-8376
Name of the Vulnerable Software and Affected Versions:
Eclipse Mosquitto versions up to 2.0.18a
Description:
The issue allows an attacker to cause memory leaking, segmentation fault, or heap-use-after-free by sending specific sequences of packets, including "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets.
Recommendations:
For Eclipse Mosquitto versions up to 2.0.18a, consider restricting the handling of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.