Description
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 2.0.18-1 |
| esm-apps/bionic | ignored | backporting risks regressions |
| esm-apps/focal | ignored | backporting risks regressions |
| esm-apps/jammy | released | 2.0.11-1ubuntu1.1 |
| esm-apps/xenial | ignored | backporting risks regressions |
| esm-infra-legacy/trusty | not-affected | code-not-present |
| focal | ignored | end of standard support, was ignored [backporting risks regressions] |
| jammy | released | 2.0.11-1ubuntu1.1 |
| lunar | released | 2.0.11-1.2ubuntu0.1 |
7.5 High
CVSS3
Related vulnerabilities
A vulnerability in the Eclipse Mosquitto message broker related to an error in freeing memory, allowing an attacker to cause a denial of service
7.5 High
CVSS3