Filtered by vendor Eclipse
Subscriptions
Filtered by product Mosquitto
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34432 | 1 Eclipse | 1 Mosquitto | 2024-08-04 | 7.5 High |
| In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. | ||||
| CVE-2021-28166 | 1 Eclipse | 1 Mosquitto | 2024-08-03 | 6.5 Medium |
| In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. | ||||
| CVE-2023-28366 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-08-02 | 7.5 High |
| The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | ||||
| CVE-2023-3592 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-08-02 | 5.8 Medium |
| In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. | ||||