PT-2023-9155 · Mosquitto+4

Published 2023-10-01 · Updated 2025-03-10 · CVE-2023-3592

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Mosquitto versions prior to 2.0.16

Description: A memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. This issue can be exploited by a remote attacker to cause a denial of service.

Recommendations: For Mosquitto versions prior to 2.0.16, update to version 2.0.16 or later to resolve the memory leak issue. As a temporary workaround, consider restricting the handling of v5 CONNECT packets with will messages to minimize the risk of exploitation.

Fix

DoS

Memory Leak

Weakness Enumeration

Related Identifiers

ALT-PU-2025-1041
ALT-PU-2025-3746
BDU:2024-04213
CVE-2023-3592
DSA-5511-1
OESA-2023-1772
OESA-2023-1773
OESA-2023-1774
OESA-2024-1022
OESA-2024-1026
OESA-2024-1028
OPENSUSE-SU-2024:13546-1
RHSA-2024:0797
RHSA-2024:1061
ROSA-SA-2025-2633
USN-6492-1

Affected Products

Alt Linux
Linuxmint
Mosquitto
Red Os
Ubuntu