exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2023-28366

Status Candidate

Overview

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.

Related Files

Gentoo Linux Security Advisory 202401-09
Posted Jan 8, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-9 - Multiple vulnerabilities have been found in Eclipse Mosquitto which could result in denial of service. Versions greater than or equal to 2.0.17 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2023-0809, CVE-2023-28366, CVE-2023-3592
SHA-256 | 7d7265303e72af173f7cec8992c7edfbc7e2eb14e1fde53683cd6dc9a7c3df1b
Ubuntu Security Notice USN-6492-1
Posted Nov 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6492-1 - Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Zhanxiang Song discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause an authorisation bypass. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-34431, CVE-2021-34434, CVE-2021-41039, CVE-2023-0809, CVE-2023-28366, CVE-2023-3592
SHA-256 | 8afa51ddd6fc11641b55e0d1a848ec61be70bbc1dbd56775c52c42cf1a85cb07
Debian Security Advisory 5511-1
Posted Oct 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5511-1 - Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-34434, CVE-2021-41039, CVE-2023-0809, CVE-2023-28366, CVE-2023-3592
SHA-256 | 1518e0099ccd906d33af69afafa10ef3ebd6d28f34c143d4f89b8e793d316b29
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close