{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-28366", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T12:38:25.296Z", "dateReserved": "2023-03-15T00:00:00", "datePublished": "2023-09-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-07T10:06:19.321332"}, "descriptions": [{"lang": "en", "value": "The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/eclipse/mosquitto/compare/v2.0.15...v2.0.16"}, {"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_02_CSNC-2023-001_Eclipse_Mosquitto_Memory_Leak.txt"}, {"url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/"}, {"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"}, {"name": "FEDORA-2023-9adc4be8b0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X/"}, {"name": "DSA-5511", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5511"}, {"name": "GLSA-202401-09", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202401-09"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.296Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/eclipse/mosquitto/compare/v2.0.15...v2.0.16", "tags": ["x_transferred"]}, {"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_02_CSNC-2023-001_Eclipse_Mosquitto_Memory_Leak.txt", "tags": ["x_transferred"]}, {"url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/", "tags": ["x_transferred"]}, {"url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-9adc4be8b0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X/"}, {"name": "DSA-5511", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5511"}, {"name": "GLSA-202401-09", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202401-09"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "matchCriteriaId": "489726DB-BC82-41A1-AB84-800B80E459A1", "versionEndExcluding": "2.0.16", "versionStartIncluding": "1.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function."}, {"lang": "es", "value": "El intermediario en Eclipse Mosquitto 1.3.2 hasta 2.x anterior a 2.0.16 tiene una p\u00e9rdida de memoria de la que se puede abusar de forma remota cuando un cliente env\u00eda muchos mensajes QoS 2 con ID de mensajes duplicados y no responde a los comandos PUBREC. Esto ocurre debido a un mal manejo de EAGAIN desde la funci\u00f3n de env\u00edo de libc."}], "id": "CVE-2023-28366", "lastModified": "2024-11-21T07:54:55.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-01T16:15:07.790", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/eclipse/mosquitto/compare/v2.0.15...v2.0.16"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202401-09"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_02_CSNC-2023-001_Eclipse_Mosquitto_Memory_Leak.txt"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2023/dsa-5511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/eclipse/mosquitto/compare/v2.0.15...v2.0.16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202401-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_02_CSNC-2023-001_Eclipse_Mosquitto_Memory_Leak.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5511"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1061", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "mosquitto-0:2.0.17-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-02-29T00:00:00Z"}, {"advisory": "RHSA-2024:1061", "cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8", "package": "mosquitto-0:2.0.17-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2024-02-29T00:00:00Z"}, {"advisory": "RHSA-2024:0797", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "mosquitto-0:2.0.17-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:0797", "cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8", "package": "mosquitto-0:2.0.17-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-02-13T00:00:00Z"}], "bugzilla": {"description": "mosquitto: memory leak leads to unresponsive broker", "id": "2236882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236882"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.", "A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition."], "name": "CVE-2023-28366", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "mosquitto", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "mosquitto", "product_name": "Red Hat Integration Camel K"}], "public_date": "2023-09-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28366\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28366\nhttps://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9"], "threat_severity": "Moderate", "upstream_fix": "mosquitto 2.0.16"}