CVE-2023-3592
First published: Mon Oct 02 2023(Updated: )
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
Credit: emo@eclipse.org emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2.0.16 | ||
| Eclipse Mosquitto | <2.0.16 | |
| debian/mosquitto | <=2.0.11-1<=2.0.11-1.2 | 1.5.7-1+deb10u1 2.0.11-1+deb11u1 2.0.11-1.2+deb12u1 2.0.18-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this memory leak in Mosquitto?
The vulnerability ID for this memory leak in Mosquitto is CVE-2023-3592.
What is the severity level of CVE-2023-3592?
The severity level of CVE-2023-3592 is medium with a score of 5.8.
How can the memory leak in Mosquitto be triggered?
The memory leak in Mosquitto can be triggered when clients send v5 CONNECT packets with a will message that contains invalid property types.
Which versions of Mosquitto are affected by CVE-2023-3592?
Versions up to and including 2.0.11-1.2 of Mosquitto are affected by CVE-2023-3592.
How can I fix the memory leak in Mosquitto?
To fix the memory leak in Mosquitto, update to version 2.0.16 or later.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- collector/security-tracker-debian
- vendor/eclipse
- canonical/eclipse mosquitto
- package-manager/debian