7.5

CVE-2024-8376

Memory leak

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EclipseMosquitto Version < 2.0.19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.5
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
emo@eclipse.org 7.2 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17
Patch
https://github.com/eclipse/mosquitto/releases/tag/v2.0.19
Patch
Product
https://gitlab.eclipse.org/security/cve-assignement/-/issues/26
Issue Tracking
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216
Issue Tracking
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217
Issue Tracking
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218
Issue Tracking
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227
Issue Tracking
https://mosquitto.org/
Product