CVE-2024-10525 | Eclipse Mosquitto up to 2.0.18 SUBACK Packet on_subscribe heap-based overflow (Issue 190)

Posted by Angelo Barbosa | Oct 30, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Eclipse Mosquitto up to 2.0.18. Affected by this issue is the function on_subscribe of the component SUBACK Packet Handler. The manipulation leads to heap-based buffer overflow.

This vulnerability is handled as CVE-2024-10525. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-10525 | Eclipse Mosquitto up to 2.0.18 SUBACK Packet on_subscribe heap-based overflow (Issue 190)

Related Posts

CVE-2023-6384 | WP User Profile Avatar Plugin up to 1.0.0 on WordPress authorization

CVE-2024-41019 | Linux Kernel up to 5.15.163/6.1.101/6.6.42/6.9.11/6.10.1 ntfs3 out-of-bounds

CVE-2023-43449 | HummerRisk up to 1.4.1 LicenseService Privilege Escalation (Issue 446)

CVE-2019-20458 | Epson Expression Home XP255 20.08.FM10I8 empty password in configuration file