Уязвимость CVE-2024-10525

Пакет	Статус	Версия исправления	Релиз	Тип
mosquitto	fixed	2.0.20-1		package
mosquitto	fixed	2.0.11-1.2+deb12u2	bookworm	package

CVE-2024-10525

CVSS3: 9.8

ubuntu

около 1 года назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

CVE-2024-10525

CVSS3: 7.6

redhat

около 1 года назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

CVE-2024-10525

CVSS3: 9.8

nvd

около 1 года назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

GHSA-cm54-mprw-5279

CVSS3: 9.1

github

около 1 года назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

BDU:2024-09881

CVSS3: 9.1

fstec

около 1 года назад

Уязвимость брокера сообщений Eclipse Mosquitto, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю получить доступ к конфиденциальной информации

exploitDog

CVE-2024-10525

Описание

Пакеты

Примечания

Связанные уязвимости