Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3592 | 1 Eclipse | 1 Mosquitto | 2024-02-28 | N/A | 7.5 HIGH |
| In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. | |||||
| CVE-2023-5632 | 1 Eclipse | 1 Mosquitto | 2024-02-28 | N/A | 7.5 HIGH |
| In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6 | |||||
| CVE-2023-28366 | 1 Eclipse | 1 Mosquitto | 2024-02-28 | N/A | 7.5 HIGH |
| The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | |||||
| CVE-2023-0809 | 1 Eclipse | 1 Mosquitto | 2024-02-28 | N/A | 5.3 MEDIUM |
| In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | |||||