CVE-2024-10525

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c	Patch
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190	Exploit Issue Tracking Vendor Advisory
https://mosquitto.org/blog/2024/10/version-2-0-19-released/	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*

History

29 Jan 2025, 17:04

Type	Values Removed	Values Added
First Time		Eclipse mosquitto Eclipse
CPE		cpe:2.3:a:eclipse:mosquitto::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-787
References	~~() https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c -~~	() https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c - Patch
References	~~() https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190 -~~	() https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://mosquitto.org/blog/2024/10/version-2-0-19-released/ -~~	() https://mosquitto.org/blog/2024/10/version-2-0-19-released/ - Release Notes

09 Jan 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.1~~	v2 : unknown v3 : unknown

31 Oct 2024, 10:15

Type	Values Removed	Values Added
References		() https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c -

30 Oct 2024, 14:35

Type	Values Removed	Values Added
Summary		(es) En Eclipse Mosquitto, desde la versión 1.3.2 hasta la 2.0.18, si un agente malintencionado envía un paquete SUBACK manipulado sin códigos de motivo, un cliente que utilice libmosquitto puede realizar un acceso a la memoria fuera de los límites cuando actúe en su devolución de llamada on_subscribe. Esto afecta a los clientes mosquitto_sub y mosquitto_rr.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1

30 Oct 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-30 12:15

Updated : 2025-01-29 17:04

NVD link : CVE-2024-10525

Mitre link : CVE-2024-10525

CVE.ORG link : CVE-2024-10525

JSON object : View

Products Affected

eclipse

mosquitto

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

9.8 /10