Untriaged
Memory leak
In Eclipse Mosquitto up to version 2.0.18a, an attacker can cause a memory leak, a segmentation fault or a heap use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
References
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216 issue-tracking
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217 issue-tracking
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218 issue-tracking
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227 issue-tracking
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/26 vendor-advisory
- https://github.com/eclipse/mosquitto/releases/tag/v2.0.19 patch
- https://mosquitto.org/ product
- https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbb… patch
Affected products
mosquitto
- ==2.0.18
- ==2.0.19
Matching in nixpkgs
pkgs.haskellPackages.mosquitto-hs
Mosquitto client library bindings
- nixos-unstable: -
- nixpkgs-unstable: 0.1.0.0
pkgs.chickenPackages_5.chickenEggs.mosquitto
Bindings to mosquitto MQTT client library
- nixos-unstable: -
- nixpkgs-unstable: 0.1.5
Package maintainers
- @sikmir Nikolay Korotkiy <sikmir@disroot.org>
- @peterhoeg Peter Hoeg <peter@hoeg.com>