CVE-2024-8376
Publication date 11 October 2024
Last updated 16 October 2024
Ubuntu priority
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mosquitto | 24.10 oracular |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-8376
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/26
- https://github.com/eclipse/mosquitto/releases/tag/v2.0.19
- https://mosquitto.org/