Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-3935 (GCVE-0-2024-3935)
Vulnerability from cvelistv5 – Published: 2024-10-30 11:45 – Updated: 2025-11-03 20:38
VLAI?
EPSS
Title
Eclipse Mosquito: Double free vulnerability
Summary
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
Severity ?
CWE
- CWE-415 - Double Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | mosquitto |
Affected:
2.0.0 , ≤ 2.0.18
(semver)
|
Date Public ?
2024-10-30 11:44
Credits
song xiangpu
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mosquitto",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThan": "2.0.18",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:27:07.940300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:11:09.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:15.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.18",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "song xiangpu"
}
],
"datePublic": "2024-10-30T11:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
}
],
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:12:11.012Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197"
},
{
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
},
{
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse Mosquito: Double free vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-3935",
"datePublished": "2024-10-30T11:45:23.506Z",
"dateReserved": "2024-04-17T17:12:36.491Z",
"dateUpdated": "2025-11-03T20:38:15.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.\"}, {\"lang\": \"es\", \"value\": \"En Eclipse Mosquito, versiones desde 2.0.0 hasta 2.0.18, si un agente Mosquitto est\\u00e1 configurado para crear una conexi\\u00f3n de puente saliente y esa conexi\\u00f3n de puente tiene un tema entrante configurado que hace uso de reasignaci\\u00f3n de temas, entonces si la conexi\\u00f3n remota env\\u00eda un paquete PUBLISH manipulado al agente, se producir\\u00e1 una doble liberaci\\u00f3n con un bloqueo posterior del agente.\"}]",
"id": "CVE-2024-3935",
"lastModified": "2025-01-09T18:15:28.337",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"LOW\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
"published": "2024-10-30T12:15:03.090",
"references": "[{\"url\": \"https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://mosquitto.org/blog/2024/10/version-2-0-19-released/\", \"source\": \"emo@eclipse.org\"}]",
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-415\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3935\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2024-10-30T12:15:03.090\",\"lastModified\":\"2025-11-03T21:16:16.427\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.\"},{\"lang\":\"es\",\"value\":\"En Eclipse Mosquito, versiones desde 2.0.0 hasta 2.0.18, si un agente Mosquitto est\u00e1 configurado para crear una conexi\u00f3n de puente saliente y esa conexi\u00f3n de puente tiene un tema entrante configurado que hace uso de reasignaci\u00f3n de temas, entonces si la conexi\u00f3n remota env\u00eda un paquete PUBLISH manipulado al agente, se producir\u00e1 una doble liberaci\u00f3n con un bloqueo posterior del agente.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.19\",\"matchCriteriaId\":\"B65EE48E-6ADF-41D6-B103-5B48B8EC9699\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://mosquitto.org/blog/2024/10/version-2-0-19-released/\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:38:15.605Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3935\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-30T13:27:07.940300Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*\"], \"vendor\": \"eclipse_foundation\", \"product\": \"mosquitto\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.0.18\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-30T13:32:01.043Z\"}}], \"cna\": {\"title\": \"Eclipse Mosquito: Double free vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"song xiangpu\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/eclipse/mosquitto\", \"vendor\": \"Eclipse Foundation\", \"product\": \"mosquitto\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.0.18\"}], \"packageName\": \"mosquitto\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-10-30T11:44:00.000Z\", \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197\"}, {\"url\": \"https://mosquitto.org/blog/2024/10/version-2-0-19-released/\"}, {\"url\": \"https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-415\", \"description\": \"CWE-415 Double Free\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2024-10-31T09:12:11.012Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3935\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:38:15.605Z\", \"dateReserved\": \"2024-04-17T17:12:36.491Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2024-10-30T11:45:23.506Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SCA-2025-0006
Vulnerability from csaf_sick - Published: 2025-04-28 13:00 - Updated: 2025-04-28 13:00Summary
Vulnerability affecting picoScan and multiScan
Notes
summary
SICK has identified a Denial of Service vulnerability (CVE-2025-32472) in picoScan and multiScan, which can cause the web page to become unresponsive. Due to their architectural design, these products are not affected by the other vulnerabilities listed in this advisory. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK recommends applying the mitigation for CVE-2025-32472.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK has identified a Denial of Service vulnerability (CVE-2025-32472) in picoScan and multiScan, which can cause the web page to become unresponsive. Due to their architectural design, these products are not affected by the other vulnerabilities listed in this advisory. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK recommends applying the mitigation for CVE-2025-32472.",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0006.json"
}
],
"title": "Vulnerability affecting picoScan and multiScan",
"tracking": {
"current_release_date": "2025-04-28T13:00:00.000Z",
"generator": {
"date": "2025-04-28T06:38:33.857Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "SCA-2025-0006",
"initial_release_date": "2025-04-28T13:00:00.000Z",
"revision_history": [
{
"date": "2025-04-28T13:00:00.000Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-30T07:30:49.000Z",
"number": "2",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK picoScan1XX all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1134607",
"1134608",
"1134609",
"1134610",
"1141395",
"1141396",
"1141397",
"1141751",
"1142269",
"1142270",
"1142272",
"1142273"
]
}
}
}
],
"category": "product_name",
"name": "picoScan1XX"
}
],
"category": "product_family",
"name": "picoScan100"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK multiScan1XX all versions",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"skus": [
"1131164",
"1137723",
"1140110",
"1140133",
"1140134",
"1141496",
"1143873"
]
}
}
}
],
"category": "product_name",
"name": "multiScan1XX"
}
],
"category": "product_family",
"name": "multiScan100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK picoScan1XX Firmware all versions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "picoScan1XX Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK multiScan1XX Firmware all versions",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "multiScan1XX Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK picoScan1XX all Firmware versions",
"product_id": "CSAFPID-0005"
},
"product_reference": "CSAFPID-0003",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK multiScan1XX all Firmware versions",
"product_id": "CSAFPID-0006"
},
"product_reference": "CSAFPID-0004",
"relates_to_product_reference": "CSAFPID-0002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32472",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices. Additionally, the web server can be disabled via the CyberSecurity page in the UI.",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Denial-of-Service Vulnerability in multiScan and picoScan via Slowloris Attack"
},
{
"cve": "CVE-2024-38517",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Tencent RapidJSON Vulnerable to Privilege Escalation via Integer Underflow in GenericReader::ParseNumber() Function"
},
{
"cve": "CVE-2024-39684",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Tencent RapidJSON Vulnerable to Privilege Escalation via Integer Overflow in GenericReader::ParseNumber() Function"
},
{
"cve": "CVE-2022-46908",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Protection Mechanism Bypass via Improper Implementation of \u0027azProhibitedFunctions\u0027"
},
{
"cve": "CVE-2021-36690",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Denial-of-Service (DoS) via Segmentation Fault in \u0027idxGetTableInfo\u0027 Function"
},
{
"cve": "CVE-2022-35737",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Memory Corruption via Stack-Based Buffer Overflow in \u0027sqlite3_str_vappendf()\u0027 Function Used by \u0027printf\u0027 Family API Implementations"
},
{
"cve": "CVE-2021-45346",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Information Disclosure via Maliciously Crafted Queries"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in \u0027sessionReadRecord\u0027 Function of \u0027Sessions\u0027 Extension"
},
{
"cve": "CVE-2022-28805",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) and Information Disclosure via Heap-Based Buffer Over-Read in \u0027luaH_getshortstr\u0027 Function"
},
{
"cve": "CVE-2020-24370",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Integer Overflow in \u0027ldebug.c\u0027 File"
},
{
"cve": "CVE-2021-43519",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack-Based Buffer Overflow in \u0027ldo.c\u0027"
},
{
"cve": "CVE-2020-24369",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack-Based Buffer Overflow in \u0027ldo.c\u0027"
},
{
"cve": "CVE-2020-24371",
"cwe": {
"id": "CWE-763",
"name": "Release of Invalid Pointer or Reference"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Information Disclosure via Mishandled Interaction Between Barriers and Sweep Phase"
},
{
"cve": "CVE-2022-33099",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack Overflow in \u0027luaG_runerror\u0027 Function"
},
{
"cve": "CVE-2020-15945",
"cwe": {
"id": "CWE-229",
"name": "Improper Handling of Values"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service via \u0027changedline\u0027 Function"
},
{
"cve": "CVE-2020-15888",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Multiple Heap Related Memory Errors via Garbage Collection \u0027Stack Resizing\u0027"
},
{
"cve": "CVE-2020-24342",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack Overflow in \u0027luaD_callnoyield\u0027 Function"
},
{
"cve": "CVE-2024-10525",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Eclipse Mosquitto Vulnerable to Memory Corruption via Heap-Based-Buffer Overflow in Crafted SUBACK Packet in libmosquitto Component"
},
{
"cve": "CVE-2024-8376",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Eclipse Mosquitto Vulnerable to Memory Corruption via Specific Sequences in Packet Handling Component"
},
{
"cve": "CVE-2023-28366",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Mosquitto Vulnerable to Denial-of-Service (DoS) via Memory Leak Triggered by Duplicate QoS 2 Messages"
},
{
"cve": "CVE-2023-3592",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Mosquitto Vulnerable to Denial-of-Service (DoS) via Memory Leak in \u0027v5 CONNECT\u0027 Packets"
},
{
"cve": "CVE-2024-3935",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Eclipse Mosquitto Vulnerable to Memory Corruption via Double Free in Crafted PUBLISH Packet in Outgoing Bridge Connection"
},
{
"cve": "CVE-2023-0809",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Mosquitto Vulnerable to Denial-of-Service (DoS) via Excessive Memory Allocation"
}
]
}
GHSA-R5MW-C5JC-R788
Vulnerability from github – Published: 2024-10-30 12:31 – Updated: 2025-11-03 21:31
VLAI?
Details
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2024-3935"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-30T12:15:03Z",
"severity": "MODERATE"
},
"details": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.",
"id": "GHSA-r5mw-c5jc-r788",
"modified": "2025-11-03T21:31:29Z",
"published": "2024-10-30T12:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3935"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
},
{
"type": "WEB",
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
OPENSUSE-SU-2026:20260-1
Vulnerability from csaf_opensuse - Published: 2026-02-23 18:17 - Updated: 2026-02-23 18:17Summary
Security update for mosquitto
Notes
Title of the patch
Security update for mosquitto
Description of the patch
This update for mosquitto fixes the following issues:
Changes in mosquitto:
- update to 2.0.23 (boo#1258671)
* Fix handling of disconnected sessions for `per_listener_settings
true`
* Check return values of openssl *_get_ex_data() and
*_set_ex_data() to prevent possible crash. This could occur only
in extremely unlikely situations
* Check return value of openssl ASN1_string_[get0_]data()
functions for NULL. This prevents a crash in case of incorrect
certificate handling in openssl
* Fix potential crash on startup if a malicious/corrupt
persistence file from mosquitto 1.5 or earlier is loaded
* Limit auto_id_prefix to 50 characters
- Update to version 2.0.22
Broker
* Bridge: Fix idle_timeout never occurring for lazy bridges.
* Fix case where max_queued_messages = 0 was not treated as
unlimited.
* Fix --version exit code and output.
* Fix crash on receiving a $CONTROL message over a bridge, if
per_listener_settings is set true and the bridge is carrying
out topic remapping.
* Fix incorrect reference clock being selected on startup on
Linux. Closes #3238.
* Fix reporting of client disconnections being incorrectly
attributed to "out of memory".
* Fix compilation when using WITH_OLD_KEEPALIVE.
* Fix problems with secure websockets.
* Fix crash on exit when using WITH_EPOLL=no.
* Fix clients being incorrectly expired when they have
keepalive == max_keepalive. Closes #3226, #3286.
Dynamic security plugin
* Fix mismatch memory free when saving config which caused
memory tracking to be incorrect.
Client library
* Fix C++ symbols being removed when compiled with link time
optimisation.
* TLS error handling was incorrectly setting a protocol error
for non-TLS errors. This would cause the mosquitto_loop_start()
thread to exit if no broker was available on the first
connection attempt. This has been fixed. Closes #3258.
* Fix linker errors on some architectures using cmake.
- Update to version 2.0.21
Broker
* Fix clients sending a RESERVED packet not being quickly
disconnected.
* Fix bind_interface producing an error when used with an
interface that has an IPv6 link-local address and no other
IPv6 addresses.
* Fix mismatched wrapped/unwrapped memory alloc/free in
properties.
* Fix allow_anonymous false not being applied in local only mode.
* Add retain_expiry_interval option to fix expired retained
message not being removed from memory if they are not
subscribed to.
* Produce an error if invalid combinations of
cafile/capath/certfile/keyfile are used.
* Backport keepalive checking from develop to fix problems in
current implementation.
Client library
* Fix potential deadlock in mosquitto_sub if -W is used.
Apps
* mosquitto_ctrl dynsec now also allows -i to specify a clientid
as well as -c. This matches the documentation which states -i.
Tests
* Fix 08-ssl-connect-cert-auth-expired and
08-ssl-connect-cert-auth-revoked tests when under load.
- systemd service: Wait till the network got setup to avoid
startup failure.
Patchnames
openSUSE-Leap-16.0-packagehub-138
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mosquitto",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mosquitto fixes the following issues:\n\nChanges in mosquitto:\n\n- update to 2.0.23 (boo#1258671)\n * Fix handling of disconnected sessions for `per_listener_settings\n true`\n * Check return values of openssl *_get_ex_data() and\n *_set_ex_data() to prevent possible crash. This could occur only\n in extremely unlikely situations\n * Check return value of openssl ASN1_string_[get0_]data()\n functions for NULL. This prevents a crash in case of incorrect\n certificate handling in openssl\n * Fix potential crash on startup if a malicious/corrupt\n persistence file from mosquitto 1.5 or earlier is loaded\n * Limit auto_id_prefix to 50 characters\n\n- Update to version 2.0.22\n Broker\n * Bridge: Fix idle_timeout never occurring for lazy bridges.\n * Fix case where max_queued_messages = 0 was not treated as\n unlimited.\n * Fix --version exit code and output.\n * Fix crash on receiving a $CONTROL message over a bridge, if\n per_listener_settings is set true and the bridge is carrying\n out topic remapping.\n * Fix incorrect reference clock being selected on startup on\n Linux. Closes #3238.\n * Fix reporting of client disconnections being incorrectly\n attributed to \"out of memory\".\n * Fix compilation when using WITH_OLD_KEEPALIVE.\n * Fix problems with secure websockets.\n * Fix crash on exit when using WITH_EPOLL=no.\n * Fix clients being incorrectly expired when they have\n keepalive == max_keepalive. Closes #3226, #3286.\n Dynamic security plugin\n * Fix mismatch memory free when saving config which caused\n memory tracking to be incorrect.\n Client library\n * Fix C++ symbols being removed when compiled with link time\n optimisation.\n * TLS error handling was incorrectly setting a protocol error\n for non-TLS errors. This would cause the mosquitto_loop_start()\n thread to exit if no broker was available on the first\n connection attempt. This has been fixed. Closes #3258.\n * Fix linker errors on some architectures using cmake.\n\n- Update to version 2.0.21\n Broker\n * Fix clients sending a RESERVED packet not being quickly\n disconnected.\n * Fix bind_interface producing an error when used with an\n interface that has an IPv6 link-local address and no other\n IPv6 addresses.\n * Fix mismatched wrapped/unwrapped memory alloc/free in\n properties.\n * Fix allow_anonymous false not being applied in local only mode.\n * Add retain_expiry_interval option to fix expired retained\n message not being removed from memory if they are not\n subscribed to.\n * Produce an error if invalid combinations of\n cafile/capath/certfile/keyfile are used.\n * Backport keepalive checking from develop to fix problems in\n current implementation.\n Client library\n * Fix potential deadlock in mosquitto_sub if -W is used.\n Apps\n * mosquitto_ctrl dynsec now also allows -i to specify a clientid\n as well as -c. This matches the documentation which states -i.\n Tests\n * Fix 08-ssl-connect-cert-auth-expired and\n 08-ssl-connect-cert-auth-revoked tests when under load.\n\n- systemd service: Wait till the network got setup to avoid\n startup failure.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-138",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20260-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1232635",
"url": "https://bugzilla.suse.com/1232635"
},
{
"category": "self",
"summary": "SUSE Bug 1232636",
"url": "https://bugzilla.suse.com/1232636"
},
{
"category": "self",
"summary": "SUSE Bug 1258671",
"url": "https://bugzilla.suse.com/1258671"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-10525 page",
"url": "https://www.suse.com/security/cve/CVE-2024-10525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3935 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3935/"
}
],
"title": "Security update for mosquitto",
"tracking": {
"current_release_date": "2026-02-23T18:17:43Z",
"generator": {
"date": "2026-02-23T18:17:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20260-1",
"initial_release_date": "2026-02-23T18:17:43Z",
"revision_history": [
{
"date": "2026-02-23T18:17:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.23-bp160.1.1.aarch64",
"product": {
"name": "libmosquitto1-2.0.23-bp160.1.1.aarch64",
"product_id": "libmosquitto1-2.0.23-bp160.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"product": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"product_id": "libmosquittopp1-2.0.23-bp160.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.23-bp160.1.1.aarch64",
"product": {
"name": "mosquitto-2.0.23-bp160.1.1.aarch64",
"product_id": "mosquitto-2.0.23-bp160.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"product": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"product_id": "mosquitto-clients-2.0.23-bp160.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"product": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"product_id": "mosquitto-devel-2.0.23-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"product": {
"name": "libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"product_id": "libmosquitto1-2.0.23-bp160.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"product": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"product_id": "libmosquittopp1-2.0.23-bp160.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.23-bp160.1.1.ppc64le",
"product": {
"name": "mosquitto-2.0.23-bp160.1.1.ppc64le",
"product_id": "mosquitto-2.0.23-bp160.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"product": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"product_id": "mosquitto-clients-2.0.23-bp160.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"product": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"product_id": "mosquitto-devel-2.0.23-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.23-bp160.1.1.s390x",
"product": {
"name": "libmosquitto1-2.0.23-bp160.1.1.s390x",
"product_id": "libmosquitto1-2.0.23-bp160.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.23-bp160.1.1.s390x",
"product": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.s390x",
"product_id": "libmosquittopp1-2.0.23-bp160.1.1.s390x"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.23-bp160.1.1.s390x",
"product": {
"name": "mosquitto-2.0.23-bp160.1.1.s390x",
"product_id": "mosquitto-2.0.23-bp160.1.1.s390x"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.23-bp160.1.1.s390x",
"product": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.s390x",
"product_id": "mosquitto-clients-2.0.23-bp160.1.1.s390x"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.23-bp160.1.1.s390x",
"product": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.s390x",
"product_id": "mosquitto-devel-2.0.23-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.23-bp160.1.1.x86_64",
"product": {
"name": "libmosquitto1-2.0.23-bp160.1.1.x86_64",
"product_id": "libmosquitto1-2.0.23-bp160.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"product": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"product_id": "libmosquittopp1-2.0.23-bp160.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.23-bp160.1.1.x86_64",
"product": {
"name": "mosquitto-2.0.23-bp160.1.1.x86_64",
"product_id": "mosquitto-2.0.23-bp160.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"product": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"product_id": "mosquitto-clients-2.0.23-bp160.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.23-bp160.1.1.x86_64",
"product": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.x86_64",
"product_id": "mosquitto-devel-2.0.23-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.23-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.aarch64"
},
"product_reference": "libmosquitto1-2.0.23-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.23-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.ppc64le"
},
"product_reference": "libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.23-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.s390x"
},
"product_reference": "libmosquitto1-2.0.23-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.23-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.x86_64"
},
"product_reference": "libmosquitto1-2.0.23-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.aarch64"
},
"product_reference": "libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.ppc64le"
},
"product_reference": "libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.s390x"
},
"product_reference": "libmosquittopp1-2.0.23-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.23-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.x86_64"
},
"product_reference": "libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.23-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.aarch64"
},
"product_reference": "mosquitto-2.0.23-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.23-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.ppc64le"
},
"product_reference": "mosquitto-2.0.23-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.23-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.s390x"
},
"product_reference": "mosquitto-2.0.23-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.23-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.x86_64"
},
"product_reference": "mosquitto-2.0.23-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.aarch64"
},
"product_reference": "mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.ppc64le"
},
"product_reference": "mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.s390x"
},
"product_reference": "mosquitto-clients-2.0.23-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.23-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.x86_64"
},
"product_reference": "mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.aarch64"
},
"product_reference": "mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.ppc64le"
},
"product_reference": "mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.s390x"
},
"product_reference": "mosquitto-devel-2.0.23-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.23-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.x86_64"
},
"product_reference": "mosquitto-devel-2.0.23-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-10525"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-10525",
"url": "https://www.suse.com/security/cve/CVE-2024-10525"
},
{
"category": "external",
"summary": "SUSE Bug 1232636 for CVE-2024-10525",
"url": "https://bugzilla.suse.com/1232636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T18:17:43Z",
"details": "critical"
}
],
"title": "CVE-2024-10525"
},
{
"cve": "CVE-2024-3935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3935"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3935",
"url": "https://www.suse.com/security/cve/CVE-2024-3935"
},
{
"category": "external",
"summary": "SUSE Bug 1232635 for CVE-2024-3935",
"url": "https://bugzilla.suse.com/1232635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquitto1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:libmosquittopp1-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-clients-2.0.23-bp160.1.1.x86_64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:mosquitto-devel-2.0.23-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-23T18:17:43Z",
"details": "important"
}
],
"title": "CVE-2024-3935"
}
]
}
OPENSUSE-SU-2025:15074-1
Vulnerability from csaf_opensuse - Published: 2025-05-09 00:00 - Updated: 2025-05-09 00:00Summary
libmosquitto1-2.0.21-2.1 on GA media
Notes
Title of the patch
libmosquitto1-2.0.21-2.1 on GA media
Description of the patch
These are all security issues fixed in the libmosquitto1-2.0.21-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15074
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libmosquitto1-2.0.21-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libmosquitto1-2.0.21-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15074",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15074-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15074-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZVFEGLDJBY7EABGWWD3F2MDZ223VAMQ6/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15074-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZVFEGLDJBY7EABGWWD3F2MDZ223VAMQ6/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3935 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3935/"
}
],
"title": "libmosquitto1-2.0.21-2.1 on GA media",
"tracking": {
"current_release_date": "2025-05-09T00:00:00Z",
"generator": {
"date": "2025-05-09T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15074-1",
"initial_release_date": "2025-05-09T00:00:00Z",
"revision_history": [
{
"date": "2025-05-09T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.21-2.1.aarch64",
"product": {
"name": "libmosquitto1-2.0.21-2.1.aarch64",
"product_id": "libmosquitto1-2.0.21-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.21-2.1.aarch64",
"product": {
"name": "libmosquittopp1-2.0.21-2.1.aarch64",
"product_id": "libmosquittopp1-2.0.21-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.21-2.1.aarch64",
"product": {
"name": "mosquitto-2.0.21-2.1.aarch64",
"product_id": "mosquitto-2.0.21-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.21-2.1.aarch64",
"product": {
"name": "mosquitto-clients-2.0.21-2.1.aarch64",
"product_id": "mosquitto-clients-2.0.21-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.21-2.1.aarch64",
"product": {
"name": "mosquitto-devel-2.0.21-2.1.aarch64",
"product_id": "mosquitto-devel-2.0.21-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.21-2.1.ppc64le",
"product": {
"name": "libmosquitto1-2.0.21-2.1.ppc64le",
"product_id": "libmosquitto1-2.0.21-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.21-2.1.ppc64le",
"product": {
"name": "libmosquittopp1-2.0.21-2.1.ppc64le",
"product_id": "libmosquittopp1-2.0.21-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.21-2.1.ppc64le",
"product": {
"name": "mosquitto-2.0.21-2.1.ppc64le",
"product_id": "mosquitto-2.0.21-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.21-2.1.ppc64le",
"product": {
"name": "mosquitto-clients-2.0.21-2.1.ppc64le",
"product_id": "mosquitto-clients-2.0.21-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.21-2.1.ppc64le",
"product": {
"name": "mosquitto-devel-2.0.21-2.1.ppc64le",
"product_id": "mosquitto-devel-2.0.21-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.21-2.1.s390x",
"product": {
"name": "libmosquitto1-2.0.21-2.1.s390x",
"product_id": "libmosquitto1-2.0.21-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.21-2.1.s390x",
"product": {
"name": "libmosquittopp1-2.0.21-2.1.s390x",
"product_id": "libmosquittopp1-2.0.21-2.1.s390x"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.21-2.1.s390x",
"product": {
"name": "mosquitto-2.0.21-2.1.s390x",
"product_id": "mosquitto-2.0.21-2.1.s390x"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.21-2.1.s390x",
"product": {
"name": "mosquitto-clients-2.0.21-2.1.s390x",
"product_id": "mosquitto-clients-2.0.21-2.1.s390x"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.21-2.1.s390x",
"product": {
"name": "mosquitto-devel-2.0.21-2.1.s390x",
"product_id": "mosquitto-devel-2.0.21-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmosquitto1-2.0.21-2.1.x86_64",
"product": {
"name": "libmosquitto1-2.0.21-2.1.x86_64",
"product_id": "libmosquitto1-2.0.21-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmosquittopp1-2.0.21-2.1.x86_64",
"product": {
"name": "libmosquittopp1-2.0.21-2.1.x86_64",
"product_id": "libmosquittopp1-2.0.21-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "mosquitto-2.0.21-2.1.x86_64",
"product": {
"name": "mosquitto-2.0.21-2.1.x86_64",
"product_id": "mosquitto-2.0.21-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "mosquitto-clients-2.0.21-2.1.x86_64",
"product": {
"name": "mosquitto-clients-2.0.21-2.1.x86_64",
"product_id": "mosquitto-clients-2.0.21-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "mosquitto-devel-2.0.21-2.1.x86_64",
"product": {
"name": "mosquitto-devel-2.0.21-2.1.x86_64",
"product_id": "mosquitto-devel-2.0.21-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.21-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.aarch64"
},
"product_reference": "libmosquitto1-2.0.21-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.21-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.ppc64le"
},
"product_reference": "libmosquitto1-2.0.21-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.21-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.s390x"
},
"product_reference": "libmosquitto1-2.0.21-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquitto1-2.0.21-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.x86_64"
},
"product_reference": "libmosquitto1-2.0.21-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.21-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.aarch64"
},
"product_reference": "libmosquittopp1-2.0.21-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.21-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.ppc64le"
},
"product_reference": "libmosquittopp1-2.0.21-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.21-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.s390x"
},
"product_reference": "libmosquittopp1-2.0.21-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmosquittopp1-2.0.21-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.x86_64"
},
"product_reference": "libmosquittopp1-2.0.21-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.21-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-2.0.21-2.1.aarch64"
},
"product_reference": "mosquitto-2.0.21-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.21-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-2.0.21-2.1.ppc64le"
},
"product_reference": "mosquitto-2.0.21-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.21-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-2.0.21-2.1.s390x"
},
"product_reference": "mosquitto-2.0.21-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-2.0.21-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-2.0.21-2.1.x86_64"
},
"product_reference": "mosquitto-2.0.21-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.21-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.aarch64"
},
"product_reference": "mosquitto-clients-2.0.21-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.21-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.ppc64le"
},
"product_reference": "mosquitto-clients-2.0.21-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.21-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.s390x"
},
"product_reference": "mosquitto-clients-2.0.21-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-clients-2.0.21-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.x86_64"
},
"product_reference": "mosquitto-clients-2.0.21-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.21-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.aarch64"
},
"product_reference": "mosquitto-devel-2.0.21-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.21-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.ppc64le"
},
"product_reference": "mosquitto-devel-2.0.21-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.21-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.s390x"
},
"product_reference": "mosquitto-devel-2.0.21-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-devel-2.0.21-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.x86_64"
},
"product_reference": "mosquitto-devel-2.0.21-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3935"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3935",
"url": "https://www.suse.com/security/cve/CVE-2024-3935"
},
{
"category": "external",
"summary": "SUSE Bug 1232635 for CVE-2024-3935",
"url": "https://bugzilla.suse.com/1232635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:libmosquitto1-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:libmosquittopp1-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-clients-2.0.21-2.1.x86_64",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.aarch64",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.ppc64le",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.s390x",
"openSUSE Tumbleweed:mosquitto-devel-2.0.21-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-09T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-3935"
}
]
}
CVE-2024-3935
Vulnerability from csaf_adstecindustrialitgmbh - Published: 2025-04-14 10:00 - Updated: 2025-04-14 10:00Summary
ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products
Notes
Summary
The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.
Impact
Exploitation could result in denial-of-service (DoS) or Mosquitto crashes. Remote code execution (RCE) is theoretically possible but mitigated by security hardening and user-level process isolation.
Mitigation
Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.
Remediation
Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "Coordination",
"urls": [
"https://certvde.com/en/"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3-1/specification-document",
"text": "Medium"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.",
"title": "Summary"
},
{
"category": "description",
"text": "Exploitation could result in denial-of-service (DoS) or Mosquitto crashes. Remote code execution (RCE) is theoretically possible but mitigated by security hardening and user-level process isolation.",
"title": "Impact"
},
{
"category": "description",
"text": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@ads-tec.de",
"name": "ads-tec Industrial IT GmbH",
"namespace": "https://www.ads-tec-iit.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2025-033: ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-033/"
},
{
"category": "self",
"summary": "VDE-2025-033: ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products - CSAF",
"url": "https://ads-tec-iit.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-033.json"
}
],
"title": "ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products",
"tracking": {
"aliases": [
"VDE-2025-033",
"ADS2025001"
],
"current_release_date": "2025-04-14T10:00:00.000Z",
"generator": {
"date": "2025-04-04T07:52:10.569Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2025-033",
"initial_release_date": "2025-04-14T10:00:00.000Z",
"revision_history": [
{
"date": "2025-04-14T10:00:00.000Z",
"number": "1",
"summary": "Initial revision"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "DVG-IRF1401",
"product": {
"name": "DVG-IRF1401",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "DVG-IRF1421",
"product": {
"name": "DVG-IRF1421",
"product_id": "CSAFPID-11002"
}
}
],
"category": "product_family",
"name": "IRF1000"
},
{
"branches": [
{
"category": "product_name",
"name": "DVG-IRF2200",
"product": {
"name": "DVG-IRF2200",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "DVG-IRF2100",
"product": {
"name": "DVG-IRF2100",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "DVG-IRF2220",
"product": {
"name": "DVG-IRF2220",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "DVG-IRF2621",
"product": {
"name": "DVG-IRF2621",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "DVG-IRF2601",
"product": {
"name": "DVG-IRF2601",
"product_id": "CSAFPID-11007"
}
}
],
"category": "product_family",
"name": "IRF2000"
},
{
"branches": [
{
"category": "product_name",
"name": "DVG-IRF3401",
"product": {
"name": "DVG-IRF3401",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "DVG-IRF3421",
"product": {
"name": "DVG-IRF3421",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": " DVG-IRF3801",
"product": {
"name": "DVG-IRF3801",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": " DVG-IRF3821",
"product": {
"name": "DVG-IRF3821",
"product_id": "CSAFPID-11011"
}
}
],
"category": "product_family",
"name": "IRF3000"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.1.0",
"product": {
"name": "Firmware \u003c2.1.0",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c6.1.0",
"product": {
"name": "Firmware \u003c6.1.0",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "2.1.0",
"product": {
"name": "Firmware 2.1.0",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "6.1.0",
"product": {
"name": "Firmware 6.1.0",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "ads-tec Industrial IT GmbH"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on DVG-IRF1401",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on DVG-IRF1421",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c6.1.0 installed on DVG-IRF2200",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c6.1.0 installed on DVG-IRF2100",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c6.1.0 installed on DVG-IRF2220",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c6.1.0 installed on DVG-IRF2621",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c6.1.0 installed on DVG-IRF2601",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on DVG-IRF3401",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on DVG-IRF3421",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on DVG-IRF3801",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on DVG-IRF3821",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.1.0 installed on DVG-IRF1401",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.1.0 installed on DVG-IRF1421",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.0 installed on DVG-IRF2200",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.0 installed on DVG-IRF2100",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.0 installed on DVG-IRF2220",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.0 installed on DVG-IRF2621",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.0 installed on DVG-IRF2601",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.1.0 installed on DVG-IRF3401",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.1.0 installed on DVG-IRF3421",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.1.0 installed on DVG-IRF3801",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.1.0 installed on DVG-IRF3821",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3935",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing\nbridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur\nwith a subsequent crash of the broker.",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "Adjusted CVSS Score (Product Context): \nBase Score: 5.3 (Medium) \nVector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\n\nJustification: \nAC:H (High): Attacks on the product must be carried out via the MQTT server. This means the attack cannot be directly repeated across different setups, as a new server must be compromised each time.",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011"
]
}
],
"title": "CVE-2024-3935"
},
{
"cve": "CVE-2024-8376",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heapuse-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\"\nand \"PUBLISH\" packets",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "Adjusted CVSS Score (Product Context): \nBase Score: 5.9 (Medium)\nVector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nJustification: \nAC:H (High): Attacks on the product must be carried out via the MQTT server. This means the attack cannot be directly repeated across different setups, as a new server must be compromised each time.",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011"
]
}
],
"title": "CVE-2024-8376"
},
{
"cve": "CVE-2024-10525",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet\nwith no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its\non_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "Adjusted CVSS Score (Product Context): \nBase Score: 5.6 (Medium)\nVector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n\nJustification: \nAC:H (High): Attacks on the product must be carried out via the MQTT server. This means the attack cannot be directly repeated across different setups, as a new server must be compromised each time. \nC/I/A: Downgraded from High to Low due to process sandboxing and reduced privileges.",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011"
]
}
],
"title": "CVE-2024-10525"
}
]
}
GSD-2024-3935
Vulnerability from gsd - Updated: 2024-04-18 05:02Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-3935"
],
"id": "GSD-2024-3935",
"modified": "2024-04-18T05:02:10.660998Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-3935",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
FKIE_CVE-2024-3935
Vulnerability from fkie_nvd - Published: 2024-10-30 12:15 - Updated: 2025-11-03 21:16
Severity ?
Summary
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B65EE48E-6ADF-41D6-B103-5B48B8EC9699",
"versionEndExcluding": "2.0.19",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
},
{
"lang": "es",
"value": "En Eclipse Mosquito, versiones desde 2.0.0 hasta 2.0.18, si un agente Mosquitto est\u00e1 configurado para crear una conexi\u00f3n de puente saliente y esa conexi\u00f3n de puente tiene un tema entrante configurado que hace uso de reasignaci\u00f3n de temas, entonces si la conexi\u00f3n remota env\u00eda un paquete PUBLISH manipulado al agente, se producir\u00e1 una doble liberaci\u00f3n con un bloqueo posterior del agente."
}
],
"id": "CVE-2024-3935",
"lastModified": "2025-11-03T21:16:16.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2024-10-30T12:15:03.090",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9"
},
{
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197"
},
{
"source": "emo@eclipse.org",
"tags": [
"Release Notes"
],
"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-3935
Vulnerability from fstec - Published: 30.10.2024
VLAI Severity ?
Title
Уязвимость брокера сообщений Eclipse Mosquitto, связанная с повторным освобождением памяти, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость брокера сообщений Eclipse Mosquitto связана с повторным освобождением памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «Ред Софт», АО «НТЦ ИТ РОСА», Eclipse Foundation
Software Name
Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), РОСА ХРОМ (запись в едином реестре российских программ №1607), Eclipse Mosquitto
Software Version
11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 12.4 (РОСА ХРОМ), от 2.0.0 до 2.0.19 (Eclipse Mosquitto)
Possible Mitigations
Использование рекомендаций производителя:
Для Eclipse Mosquitto:
https://mosquitto.org/blog/2024/10/version-2-0-19-released/
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-3935
Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2025-2912
Reference
https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197
https://mosquitto.org/blog/2024/10/version-2-0-19-released/
https://redos.red-soft.ru/support/secure/
https://security-tracker.debian.org/tracker/CVE-2024-3935
https://abf.rosa.ru/advisories/ROSA-SA-2025-2912
CWE
CWE-415
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Eclipse Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u043e\u0442 2.0.0 \u0434\u043e 2.0.19 (Eclipse Mosquitto)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f Eclipse Mosquitto:\nhttps://mosquitto.org/blog/2024/10/version-2-0-19-released/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-3935\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2025-2912",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.10.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.11.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09880",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-3935",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Eclipse Mosquitto",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u043e\u043a\u0435\u0440\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 Eclipse Mosquitto, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u044b\u043c \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 (CWE-415)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u043e\u043a\u0435\u0440\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 Eclipse Mosquitto \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u044b\u043c \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9\nhttps://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197\nhttps://mosquitto.org/blog/2024/10/version-2-0-19-released/\nhttps://redos.red-soft.ru/support/secure/\nhttps://security-tracker.debian.org/tracker/CVE-2024-3935\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2912",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-415",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…