Filtered by vendor Eclipse
Subscriptions
Filtered by product Mosquitto
Subscriptions
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-28366 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-08-02 | 7.5 High |
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | ||||
CVE-2023-3592 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-08-02 | 5.8 Medium |
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. | ||||
CVE-2023-0809 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-08-02 | 5.8 Medium |
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. |