CVE-2024-8376

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions up to 2.0.18a

Description: The issue allows an attacker to cause memory leaking, segmentation fault, or heap-use-after-free by sending specific sequences of packets, including "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets.

Recommendations: For Eclipse Mosquitto versions up to 2.0.18a, consider restricting the handling of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Improper Handling of Exceptional Conditions

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-755CWE-416

Related Identifiers

ALT-PU-2025-1041

ALT-PU-2025-3746

CVE-2024-8376

OESA-2024-2415

OESA-2024-2416

OESA-2024-2417

OESA-2024-2418

RHSA-2024:8718

RHSA-2024:8719

RHSA-2024:8906

Affected Products

Alt Linux

Debian

Eclipse Mosquitto

Red Os

CVE-2024-8376

Weakness Enumeration

Related Identifiers

Affected Products

References · 30