Vulnerability-Lookup

VDE-2025-033

Vulnerability from csaf_adstecindustrialitgmbh - Published: 2025-04-14 10:00 - Updated: 2025-04-14 10:00

Summary

ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products

Severity

Medium

Notes

Summary: The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.

Impact: Exploitation could result in denial-of-service (DoS) or Mosquitto crashes. Remote code execution (RCE) is theoretically possible but mitigated by security hardening and user-level process isolation.

Mitigation: Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.

Remediation: Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.

CVE-2024-3935

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-415 - Double Free

Mitigation Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.

Vendor Fix Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.

Affected products

Fixed 11 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-32001		—
Unresolved product id: CSAFPID-32002		—
Unresolved product id: CSAFPID-32003		—
Unresolved product id: CSAFPID-32004		—
Unresolved product id: CSAFPID-32005		—
Unresolved product id: CSAFPID-32006		—
Unresolved product id: CSAFPID-32007		—
Unresolved product id: CSAFPID-32008		—
Unresolved product id: CSAFPID-32009		—
Unresolved product id: CSAFPID-32010		—
Unresolved product id: CSAFPID-32011		—

Known affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heapuse-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Mitigation Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.

Vendor Fix Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.

Affected products

Fixed 11 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-32001		—
Unresolved product id: CSAFPID-32002		—
Unresolved product id: CSAFPID-32003		—
Unresolved product id: CSAFPID-32004		—
Unresolved product id: CSAFPID-32005		—
Unresolved product id: CSAFPID-32006		—
Unresolved product id: CSAFPID-32007		—
Unresolved product id: CSAFPID-32008		—
Unresolved product id: CSAFPID-32009		—
Unresolved product id: CSAFPID-32010		—
Unresolved product id: CSAFPID-32011		—

Known affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—

CVE-2024-10525

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Mitigation Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.

Vendor Fix Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.

Affected products

Fixed 11 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-32001		—
Unresolved product id: CSAFPID-32002		—
Unresolved product id: CSAFPID-32003		—
Unresolved product id: CSAFPID-32004		—
Unresolved product id: CSAFPID-32005		—
Unresolved product id: CSAFPID-32006		—
Unresolved product id: CSAFPID-32007		—
Unresolved product id: CSAFPID-32008		—
Unresolved product id: CSAFPID-32009		—
Unresolved product id: CSAFPID-32010		—
Unresolved product id: CSAFPID-32011		—

Known affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—

References

2 references

URL	Category
https://certvde.com/en/advisories/VDE-2025-033/	self
https://ads-tec-iit.csaf-tp.certvde.com/.well-kno…	self

Acknowledgments

CERTVDE certvde.com/en/

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "Coordination",
        "urls": [
          "https://certvde.com/en/"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3-1/specification-document",
      "text": "Medium"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Exploitation could result in denial-of-service (DoS) or Mosquitto crashes. Remote code execution (RCE) is theoretically possible but mitigated by security hardening and user-level process isolation.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@ads-tec.de",
      "name": "ads-tec Industrial IT GmbH",
      "namespace": "https://www.ads-tec-iit.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2025-033: ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-033/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-033: ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products - CSAF",
        "url": "https://ads-tec-iit.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-033.json"
      }
    ],
    "title": "ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products",
    "tracking": {
      "aliases": [
        "VDE-2025-033",
        "ADS2025001"
      ],
      "current_release_date": "2025-04-14T10:00:00.000Z",
      "generator": {
        "date": "2025-04-04T07:52:10.569Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.21"
        }
      },
      "id": "VDE-2025-033",
      "initial_release_date": "2025-04-14T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-04-14T10:00:00.000Z",
          "number": "1",
          "summary": "Initial revision"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "DVG-IRF1401",
                    "product": {
                      "name": "DVG-IRF1401",
                      "product_id": "CSAFPID-11001"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "DVG-IRF1421",
                    "product": {
                      "name": "DVG-IRF1421",
                      "product_id": "CSAFPID-11002"
                    }
                  }
                ],
                "category": "product_family",
                "name": "IRF1000"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "DVG-IRF2200",
                    "product": {
                      "name": "DVG-IRF2200",
                      "product_id": "CSAFPID-11003"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "DVG-IRF2100",
                    "product": {
                      "name": "DVG-IRF2100",
                      "product_id": "CSAFPID-11004"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "DVG-IRF2220",
                    "product": {
                      "name": "DVG-IRF2220",
                      "product_id": "CSAFPID-11005"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "DVG-IRF2621",
                    "product": {
                      "name": "DVG-IRF2621",
                      "product_id": "CSAFPID-11006"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "DVG-IRF2601",
                    "product": {
                      "name": "DVG-IRF2601",
                      "product_id": "CSAFPID-11007"
                    }
                  }
                ],
                "category": "product_family",
                "name": "IRF2000"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "DVG-IRF3401",
                    "product": {
                      "name": "DVG-IRF3401",
                      "product_id": "CSAFPID-11008"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "DVG-IRF3421",
                    "product": {
                      "name": "DVG-IRF3421",
                      "product_id": "CSAFPID-11009"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": " DVG-IRF3801",
                    "product": {
                      "name": "DVG-IRF3801",
                      "product_id": "CSAFPID-11010"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": " DVG-IRF3821",
                    "product": {
                      "name": "DVG-IRF3821",
                      "product_id": "CSAFPID-11011"
                    }
                  }
                ],
                "category": "product_family",
                "name": "IRF3000"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.1.0",
                "product": {
                  "name": "Firmware \u003c2.1.0",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.0",
                "product": {
                  "name": "Firmware \u003c6.1.0",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "2.1.0",
                "product": {
                  "name": "Firmware 2.1.0",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.0",
                "product": {
                  "name": "Firmware 6.1.0",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "ads-tec Industrial IT GmbH"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.1.0 installed on DVG-IRF1401",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.1.0 installed on DVG-IRF1421",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c6.1.0 installed on DVG-IRF2200",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c6.1.0 installed on DVG-IRF2100",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c6.1.0 installed on DVG-IRF2220",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c6.1.0 installed on DVG-IRF2621",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c6.1.0 installed on DVG-IRF2601",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.1.0 installed on DVG-IRF3401",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.1.0 installed on DVG-IRF3421",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.1.0 installed on DVG-IRF3801",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.1.0 installed on DVG-IRF3821",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.1.0 installed on DVG-IRF1401",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.1.0 installed on DVG-IRF1421",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 6.1.0 installed on DVG-IRF2200",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 6.1.0 installed on DVG-IRF2100",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 6.1.0 installed on DVG-IRF2220",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 6.1.0 installed on DVG-IRF2621",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 6.1.0 installed on DVG-IRF2601",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.1.0 installed on DVG-IRF3401",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.1.0 installed on DVG-IRF3421",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.1.0 installed on DVG-IRF3801",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.1.0 installed on DVG-IRF3821",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11011"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3935",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing\nbridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur\nwith a subsequent crash of the broker.",
          "title": "Vulnerability Description"
        },
        {
          "audience": "all",
          "category": "details",
          "text": "Adjusted CVSS Score (Product Context):  \nBase Score: 5.3 (Medium)  \nVector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\n\nJustification:  \nAC:H (High): Attacks on the product must be carried out via the MQTT server. This means the attack cannot be directly repeated across different setups, as a new server must be compromised each time.",
          "title": "Vulnerability Characterisation"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011"
          ]
        }
      ],
      "title": "CVE-2024-3935"
    },
    {
      "cve": "CVE-2024-8376",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heapuse-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\"\nand \"PUBLISH\" packets",
          "title": "Vulnerability Description"
        },
        {
          "audience": "all",
          "category": "details",
          "text": "Adjusted CVSS Score (Product Context):  \nBase Score: 5.9 (Medium)\nVector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nJustification:  \nAC:H (High): Attacks on the product must be carried out via the MQTT server. This means the attack cannot be directly repeated across different setups, as a new server must be compromised each time.",
          "title": "Vulnerability Characterisation"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011"
          ]
        }
      ],
      "title": "CVE-2024-8376"
    },
    {
      "cve": "CVE-2024-10525",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet\nwith no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its\non_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.",
          "title": "Vulnerability Description"
        },
        {
          "audience": "all",
          "category": "details",
          "text": "Adjusted CVSS Score (Product Context):  \nBase Score: 5.6 (Medium)\nVector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n\nJustification:  \nAC:H (High): Attacks on the product must be carried out via the MQTT server. This means the attack cannot be directly repeated across different setups, as a new server must be compromised each time.  \nC/I/A: Downgraded from High to Low due to process sandboxing and reduced privileges.",
          "title": "Vulnerability Characterisation"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable MQTT publishing or ensure connections are made only to trusted and TLS-secured MQTT brokers.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to firmware IRF1000 v2.1.0, IRF2000 v6.1.0, IRF3000 v2.1.0 or later.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011"
          ]
        }
      ],
      "title": "CVE-2024-10525"
    }
  ]
}

CVE-2024-10525 (GCVE-0-2024-10525)

Vulnerability from cvelistv5 – Published: 2024-10-30 11:41 – Updated: 2025-11-03 20:36

Title

Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback

Summary

Severity

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

eclipse

References

3 references

URL	Tags
https://gitlab.eclipse.org/security/vulnerability…
https://mosquitto.org/blog/2024/10/version-2-0-19…
https://github.com/eclipse-mosquitto/mosquitto/co…

Impacted products

1 product

Vendor	Product	Version
Eclipse Foundation	mosquitto	Affected: 1.3.2 , ≤ 2.0.18 (semver)

Date Public

2024-10-30 11:40

Credits

Qingpeng Du

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mosquitto",
            "vendor": "eclipse_foundation",
            "versions": [
              {
                "lessThanOrEqual": "2.0.18",
                "status": "affected",
                "version": "1.3.2",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:33:25.135814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T17:11:50.812Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:36:24.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "mosquitto",
          "product": "mosquitto",
          "repo": "https://github.com/eclipse/mosquitto",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.0.18",
              "status": "affected",
              "version": "1.3.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qingpeng Du"
        }
      ],
      "datePublic": "2024-10-30T11:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
            }
          ],
          "value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-31T09:09:42.334Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190"
        },
        {
          "url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
        },
        {
          "url": "https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-10525",
    "datePublished": "2024-10-30T11:41:08.946Z",
    "dateReserved": "2024-10-30T09:50:22.568Z",
    "dateUpdated": "2025-11-03T20:36:24.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-3935 (GCVE-0-2024-3935)

Vulnerability from cvelistv5 – Published: 2024-10-30 11:45 – Updated: 2025-11-03 20:38

Title

Eclipse Mosquito: Double free vulnerability

Summary

Severity

6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

CWE

CWE-415 - Double Free

Assigner

eclipse

References

3 references

URL	Tags
https://gitlab.eclipse.org/security/vulnerability…
https://mosquitto.org/blog/2024/10/version-2-0-19…
https://github.com/eclipse-mosquitto/mosquitto/co…

Impacted products

1 product

Vendor	Product	Version
Eclipse Foundation	mosquitto	Affected: 2.0.0 , ≤ 2.0.18 (semver)

Date Public

2024-10-30 11:44

Credits

song xiangpu

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse_foundation:mosquitto:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mosquitto",
            "vendor": "eclipse_foundation",
            "versions": [
              {
                "lessThan": "2.0.18",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:27:07.940300Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T17:11:09.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:38:15.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "mosquitto",
          "product": "mosquitto",
          "repo": "https://github.com/eclipse/mosquitto",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.0.18",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "song xiangpu"
        }
      ],
      "datePublic": "2024-10-30T11:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
            }
          ],
          "value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415 Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-31T09:12:11.012Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197"
        },
        {
          "url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
        },
        {
          "url": "https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse Mosquito: Double free vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-3935",
    "datePublished": "2024-10-30T11:45:23.506Z",
    "dateReserved": "2024-04-17T17:12:36.491Z",
    "dateUpdated": "2025-11-03T20:38:15.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8376 (GCVE-0-2024-8376)

Vulnerability from cvelistv5 – Published: 2024-10-11 15:18 – Updated: 2024-10-31 09:15

Title

Memory leak

Summary

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

Severity

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime
CWE-416 - Use After Free
CWE-755 - Improper Handling of Exceptional Conditions

Assigner

eclipse

References

8 references

URL	Tags
https://gitlab.eclipse.org/security/vulnerability…	issue-tracking
https://gitlab.eclipse.org/security/vulnerability…	issue-tracking
https://gitlab.eclipse.org/security/vulnerability…	issue-tracking
https://gitlab.eclipse.org/security/vulnerability…	issue-tracking
https://gitlab.eclipse.org/security/cve-assigneme…	vendor-advisory
https://github.com/eclipse/mosquitto/releases/tag…	patch
https://mosquitto.org/	product
https://github.com/eclipse-mosquitto/mosquitto/co…	patch

Impacted products

1 product

Vendor	Product	Version
Eclipse Foundation	Mosquitto	Affected: 2.0.18 Unaffected: 2.0.19

Credits

Roman Kraus (Fraunhofer FOKUS) Steffen Lüdtke (Fraunhofer FOKUS) Martin Schneider (Fraunhofer FOKUS) Ramon Barakat (Fraunhofer FOKUS)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T15:25:39.508033Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T15:25:54.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "mosquitto",
          "product": "Mosquitto",
          "repo": "https://github.com/eclipse/mosquitto",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.18"
            },
            {
              "status": "unaffected",
              "version": "2.0.19"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Roman Kraus (Fraunhofer FOKUS)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Steffen L\u00fcdtke (Fraunhofer FOKUS)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Martin Schneider (Fraunhofer FOKUS)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ramon Barakat (Fraunhofer FOKUS)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.\u003cbr\u003e"
            }
          ],
          "value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-31T09:15:30.149Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://mosquitto.org/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Memory leak",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-8376",
    "datePublished": "2024-10-11T15:18:54.142Z",
    "dateReserved": "2024-09-02T13:50:51.894Z",
    "dateUpdated": "2024-10-31T09:15:30.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2025-033

CVE-2024-10525 (GCVE-0-2024-10525)

CVE-2024-3935 (GCVE-0-2024-3935)

CVE-2024-8376 (GCVE-0-2024-8376)

Tags

Sightings

Nomenclature