Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-8376

Опубликовано: 11 окт. 2024
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Satellite 6satellite-capsule:el8/mosquittoAffected
Red Hat Satellite 6satellite:el8/mosquittoAffected
Red Hat Satellite 6.14 for RHEL 8mosquittoFixedRHSA-2024:871831.10.2024
Red Hat Satellite 6.14 for RHEL 8mosquittoFixedRHSA-2024:871831.10.2024
Red Hat Satellite 6.15 for RHEL 8mosquittoFixedRHSA-2024:871931.10.2024
Red Hat Satellite 6.15 for RHEL 8mosquittoFixedRHSA-2024:871931.10.2024
Red Hat Satellite 6.16 for RHEL 8mosquittoFixedRHSA-2024:890605.11.2024
Red Hat Satellite 6.16 for RHEL 8mosquittoFixedRHSA-2024:890605.11.2024
Red Hat Satellite 6.16 for RHEL 9mosquittoFixedRHSA-2024:890605.11.2024
Red Hat Satellite 6.16 for RHEL 9mosquittoFixedRHSA-2024:890605.11.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-401
Дефект:
CWE-416
Дефект:
CWE-755
https://bugzilla.redhat.com/show_bug.cgi?id=2318080mosquitto: sending specific sequences of packets may trigger memory leak

EPSS

Процентиль: 55%
0.00321
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-8376

CVSS3: 7.5
ubuntu
9 месяцев назад

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

nvd логотип

CVE-2024-8376

CVSS3: 7.5
nvd
9 месяцев назад

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

debian логотип

CVE-2024-8376

CVSS3: 7.5
debian
9 месяцев назад

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve me ...

redos логотип

ROS-20241017-02

CVSS3: 8.3
redos
8 месяцев назад

Уязвимость mosquitto

github логотип

GHSA-72qw-2vp3-gvg9

CVSS3: 7.5
github
9 месяцев назад

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

EPSS

Процентиль: 55%
0.00321
Низкий

7.5 High

CVSS3