Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-10525

Опубликовано: 30 окт. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 9.8

Описание

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

РелизСтатусПримечание
devel

not-affected

2.0.21-1
esm-apps/bionic

released

1.4.15-2ubuntu0.18.04.3+esm2
esm-apps/focal

released

1.6.9-1ubuntu0.1~esm2
esm-apps/jammy

released

2.0.11-1ubuntu1.2
esm-apps/noble

released

2.0.18-1ubuntu0.1~esm1
esm-apps/xenial

released

1.4.8-1ubuntu0.16.04.7+esm2
esm-infra-legacy/trusty

released

0.15-2+deb7u3ubuntu0.1+esm1
focal

ignored

end of standard support, was needed
jammy

released

2.0.11-1ubuntu1.2
noble

needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 44%
0.00213
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-10525

CVSS3: 7.6
redhat
8 месяцев назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

nvd логотип

CVE-2024-10525

CVSS3: 9.8
nvd
8 месяцев назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

debian логотип

CVE-2024-10525

CVSS3: 9.8
debian
8 месяцев назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a maliciou ...

github логотип

GHSA-cm54-mprw-5279

CVSS3: 9.1
github
8 месяцев назад

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

fstec логотип

BDU:2024-09881

CVSS3: 9.1
fstec
8 месяцев назад

Уязвимость брокера сообщений Eclipse Mosquitto, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю получить доступ к конфиденциальной информации

EPSS

Процентиль: 44%
0.00213
Низкий

9.8 Critical

CVSS3