In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of CONNECT, DISCONNECT, SUBSCRIBE, UNSUBSCRIBE and PUBLISH packets.
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mosquitto | Eclipse | * | 2.0.19 (excluding) |
Red Hat Satellite 6.14 for RHEL 8 | RedHat | mosquitto-0:2.0.19-1.el8sat | * |
Red Hat Satellite 6.14 for RHEL 8 | RedHat | mosquitto-0:2.0.19-1.el8sat | * |
Red Hat Satellite 6.15 for RHEL 8 | RedHat | mosquitto-0:2.0.19-1.el8sat | * |
Red Hat Satellite 6.15 for RHEL 8 | RedHat | mosquitto-0:2.0.19-1.el8sat | * |
Red Hat Satellite 6.16 for RHEL 8 | RedHat | mosquitto-0:2.0.19-1.el8sat | * |
Red Hat Satellite 6.16 for RHEL 8 | RedHat | mosquitto-0:2.0.19-1.el8sat | * |
Red Hat Satellite 6.16 for RHEL 9 | RedHat | mosquitto-0:2.0.19-1.el9sat | * |
Red Hat Satellite 6.16 for RHEL 9 | RedHat | mosquitto-0:2.0.19-1.el9sat | * |
Mosquitto | Ubuntu | esm-apps/bionic | * |
Mosquitto | Ubuntu | esm-apps/focal | * |
Mosquitto | Ubuntu | esm-apps/jammy | * |
Mosquitto | Ubuntu | esm-apps/noble | * |
Mosquitto | Ubuntu | esm-apps/xenial | * |
Mosquitto | Ubuntu | esm-infra-legacy/trusty | * |
Mosquitto | Ubuntu | focal | * |
Mosquitto | Ubuntu | jammy | * |
Mosquitto | Ubuntu | noble | * |
Mosquitto | Ubuntu | oracular | * |
Mosquitto | Ubuntu | trusty/esm | * |
Mosquitto | Ubuntu | upstream | * |