Search criteria
8 vulnerabilities found for Mosquitto by Eclipse Foundation
CVE-2024-3935 (GCVE-0-2024-3935)
Vulnerability from cvelistv5 – Published: 2024-10-30 11:45 – Updated: 2025-11-03 20:38
VLAI?
Summary
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
Severity ?
CWE
- CWE-415 - Double Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | mosquitto |
Affected:
2.0.0 , ≤ 2.0.18
(semver)
|
Credits
song xiangpu
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mosquitto",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThan": "2.0.18",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:27:07.940300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:11:09.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:15.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "song xiangpu"
}
],
"datePublic": "2024-10-30T11:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
}
],
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:12:11.012Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197"
},
{
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
},
{
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse Mosquito: Double free vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-3935",
"datePublished": "2024-10-30T11:45:23.506Z",
"dateReserved": "2024-04-17T17:12:36.491Z",
"dateUpdated": "2025-11-03T20:38:15.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10525 (GCVE-0-2024-10525)
Vulnerability from cvelistv5 – Published: 2024-10-30 11:41 – Updated: 2025-11-03 20:36
VLAI?
Summary
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | mosquitto |
Affected:
1.3.2 , ≤ 2.0.18
(semver)
|
Credits
Qingpeng Du
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mosquitto",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "1.3.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:33:25.135814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:11:50.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:24.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "1.3.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qingpeng Du"
}
],
"datePublic": "2024-10-30T11:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
}
],
"value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:09:42.334Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190"
},
{
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
},
{
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10525",
"datePublished": "2024-10-30T11:41:08.946Z",
"dateReserved": "2024-10-30T09:50:22.568Z",
"dateUpdated": "2025-11-03T20:36:24.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8376 (GCVE-0-2024-8376)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:18 – Updated: 2024-10-31 09:15
VLAI?
Summary
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Mosquitto |
Affected:
2.0.18
Unaffected: 2.0.19 |
Credits
Roman Kraus (Fraunhofer FOKUS)
Steffen Lüdtke (Fraunhofer FOKUS)
Martin Schneider (Fraunhofer FOKUS)
Ramon Barakat (Fraunhofer FOKUS)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T15:25:39.508033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:25:54.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "Mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "2.0.18"
},
{
"status": "unaffected",
"version": "2.0.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Roman Kraus (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen L\u00fcdtke (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Martin Schneider (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Ramon Barakat (Fraunhofer FOKUS)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.\u003cbr\u003e"
}
],
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:15:30.149Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"tags": [
"product"
],
"url": "https://mosquitto.org/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Memory leak",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-8376",
"datePublished": "2024-10-11T15:18:54.142Z",
"dateReserved": "2024-09-02T13:50:51.894Z",
"dateUpdated": "2024-10-31T09:15:30.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7650 (GCVE-0-2017-7650)
Vulnerability from cvelistv5 – Published: 2017-09-11 16:00 – Updated: 2024-09-16 20:43
VLAI?
Summary
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.
Severity ?
No CVSS data available.
CWE
- loss of confidentiality
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Mosquitto |
Affected:
0.15 to 1.4.11 inclusive
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"
},
{
"name": "98741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98741"
},
{
"name": "DSA-3865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "0.15 to 1.4.11 inclusive"
}
]
}
],
"datePublic": "2017-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to \u0027#\u0027 or \u0027+\u0027. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "loss of confidentiality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"
},
{
"name": "98741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98741"
},
{
"name": "DSA-3865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"DATE_PUBLIC": "2017-05-29T00:00:00",
"ID": "CVE-2017-7650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mosquitto",
"version": {
"version_data": [
{
"version_value": "0.15 to 1.4.11 inclusive"
}
]
}
}
]
},
"vendor_name": "Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to \u0027#\u0027 or \u0027+\u0027. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "loss of confidentiality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/",
"refsource": "CONFIRM",
"url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"
},
{
"name": "98741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98741"
},
{
"name": "DSA-3865",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3865"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2017-7650",
"datePublished": "2017-09-11T16:00:00Z",
"dateReserved": "2017-04-11T00:00:00",
"dateUpdated": "2024-09-16T20:43:01.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3935 (GCVE-0-2024-3935)
Vulnerability from nvd – Published: 2024-10-30 11:45 – Updated: 2025-11-03 20:38
VLAI?
Summary
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
Severity ?
CWE
- CWE-415 - Double Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | mosquitto |
Affected:
2.0.0 , ≤ 2.0.18
(semver)
|
Credits
song xiangpu
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mosquitto",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThan": "2.0.18",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:27:07.940300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:11:09.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:15.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "song xiangpu"
}
],
"datePublic": "2024-10-30T11:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
}
],
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:12:11.012Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197"
},
{
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
},
{
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse Mosquito: Double free vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-3935",
"datePublished": "2024-10-30T11:45:23.506Z",
"dateReserved": "2024-04-17T17:12:36.491Z",
"dateUpdated": "2025-11-03T20:38:15.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10525 (GCVE-0-2024-10525)
Vulnerability from nvd – Published: 2024-10-30 11:41 – Updated: 2025-11-03 20:36
VLAI?
Summary
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | mosquitto |
Affected:
1.3.2 , ≤ 2.0.18
(semver)
|
Credits
Qingpeng Du
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mosquitto",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "1.3.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:33:25.135814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:11:50.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:24.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "1.3.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qingpeng Du"
}
],
"datePublic": "2024-10-30T11:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
}
],
"value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:09:42.334Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190"
},
{
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
},
{
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10525",
"datePublished": "2024-10-30T11:41:08.946Z",
"dateReserved": "2024-10-30T09:50:22.568Z",
"dateUpdated": "2025-11-03T20:36:24.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8376 (GCVE-0-2024-8376)
Vulnerability from nvd – Published: 2024-10-11 15:18 – Updated: 2024-10-31 09:15
VLAI?
Summary
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Mosquitto |
Affected:
2.0.18
Unaffected: 2.0.19 |
Credits
Roman Kraus (Fraunhofer FOKUS)
Steffen Lüdtke (Fraunhofer FOKUS)
Martin Schneider (Fraunhofer FOKUS)
Ramon Barakat (Fraunhofer FOKUS)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T15:25:39.508033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:25:54.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "Mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "2.0.18"
},
{
"status": "unaffected",
"version": "2.0.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Roman Kraus (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen L\u00fcdtke (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Martin Schneider (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Ramon Barakat (Fraunhofer FOKUS)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.\u003cbr\u003e"
}
],
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:15:30.149Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"tags": [
"product"
],
"url": "https://mosquitto.org/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Memory leak",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-8376",
"datePublished": "2024-10-11T15:18:54.142Z",
"dateReserved": "2024-09-02T13:50:51.894Z",
"dateUpdated": "2024-10-31T09:15:30.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7650 (GCVE-0-2017-7650)
Vulnerability from nvd – Published: 2017-09-11 16:00 – Updated: 2024-09-16 20:43
VLAI?
Summary
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.
Severity ?
No CVSS data available.
CWE
- loss of confidentiality
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Mosquitto |
Affected:
0.15 to 1.4.11 inclusive
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"
},
{
"name": "98741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98741"
},
{
"name": "DSA-3865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "0.15 to 1.4.11 inclusive"
}
]
}
],
"datePublic": "2017-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to \u0027#\u0027 or \u0027+\u0027. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "loss of confidentiality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"
},
{
"name": "98741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98741"
},
{
"name": "DSA-3865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"DATE_PUBLIC": "2017-05-29T00:00:00",
"ID": "CVE-2017-7650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mosquitto",
"version": {
"version_data": [
{
"version_value": "0.15 to 1.4.11 inclusive"
}
]
}
}
]
},
"vendor_name": "Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to \u0027#\u0027 or \u0027+\u0027. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "loss of confidentiality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/",
"refsource": "CONFIRM",
"url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"
},
{
"name": "98741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98741"
},
{
"name": "DSA-3865",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3865"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2017-7650",
"datePublished": "2017-09-11T16:00:00Z",
"dateReserved": "2017-04-11T00:00:00",
"dateUpdated": "2024-09-16T20:43:01.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}