- Vulnerability/
- USN-7441-1
USN-7441-1: Eclipse Mosquitto vulnerabilities
First published: Wed Apr 16 2025(Updated: )
It was discovered that Eclipse Mosquitto client incorrectly handled memory when receiving a SUBACK packet. An attacker with a malicious broker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2024-10525) Xiangpu Song discovered that Eclipse Mosquitto broker did not properly manage memory under certain circumstances. A malicious client with a remote connection could possibly use this issue to cause the broker to crash resulting in a denial of service, or another unspecified impact. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3935)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libmosquitto1 | <2.0.18-1ubuntu0.1~esm1 | 2.0.18-1ubuntu0.1~esm1 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/libmosquittopp1 | <2.0.18-1ubuntu0.1~esm1 | 2.0.18-1ubuntu0.1~esm1 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/mosquitto | <2.0.18-1ubuntu0.1~esm1 | 2.0.18-1ubuntu0.1~esm1 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/mosquitto-clients | <2.0.18-1ubuntu0.1~esm1 | 2.0.18-1ubuntu0.1~esm1 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/libmosquitto1 | <2.0.11-1ubuntu1.2 | 2.0.11-1ubuntu1.2 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libmosquittopp1 | <2.0.11-1ubuntu1.2 | 2.0.11-1ubuntu1.2 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/mosquitto | <2.0.11-1ubuntu1.2 | 2.0.11-1ubuntu1.2 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/mosquitto-clients | <2.0.11-1ubuntu1.2 | 2.0.11-1ubuntu1.2 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libmosquitto1 | <1.6.9-1ubuntu0.1~esm2 | 1.6.9-1ubuntu0.1~esm2 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libmosquittopp1 | <1.6.9-1ubuntu0.1~esm2 | 1.6.9-1ubuntu0.1~esm2 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/mosquitto | <1.6.9-1ubuntu0.1~esm2 | 1.6.9-1ubuntu0.1~esm2 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/mosquitto-clients | <1.6.9-1ubuntu0.1~esm2 | 1.6.9-1ubuntu0.1~esm2 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libmosquitto1 | <1.4.15-2ubuntu0.18.04.3+esm2 | 1.4.15-2ubuntu0.18.04.3+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libmosquittopp1 | <1.4.15-2ubuntu0.18.04.3+esm2 | 1.4.15-2ubuntu0.18.04.3+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/mosquitto | <1.4.15-2ubuntu0.18.04.3+esm2 | 1.4.15-2ubuntu0.18.04.3+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/mosquitto-clients | <1.4.15-2ubuntu0.18.04.3+esm2 | 1.4.15-2ubuntu0.18.04.3+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libmosquitto1 | <1.4.8-1ubuntu0.16.04.7+esm2 | 1.4.8-1ubuntu0.16.04.7+esm2 |
| Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libmosquittopp1 | <1.4.8-1ubuntu0.16.04.7+esm2 | 1.4.8-1ubuntu0.16.04.7+esm2 |
| Ubuntu | =16.04 | |
| All of | ||
| ubuntu/mosquitto | <1.4.8-1ubuntu0.16.04.7+esm2 | 1.4.8-1ubuntu0.16.04.7+esm2 |
| Ubuntu | =16.04 | |
| All of | ||
| ubuntu/mosquitto-clients | <1.4.8-1ubuntu0.16.04.7+esm2 | 1.4.8-1ubuntu0.16.04.7+esm2 |
| Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libmosquitto0 | <0.15-2+deb7u3ubuntu0.1+esm1 | 0.15-2+deb7u3ubuntu0.1+esm1 |
| Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libmosquittopp0 | <0.15-2+deb7u3ubuntu0.1+esm1 | 0.15-2+deb7u3ubuntu0.1+esm1 |
| Ubuntu | =14.04 | |
| All of | ||
| ubuntu/mosquitto | <0.15-2+deb7u3ubuntu0.1+esm1 | 0.15-2+deb7u3ubuntu0.1+esm1 |
| Ubuntu | =14.04 | |
| All of | ||
| ubuntu/mosquitto-clients | <0.15-2+deb7u3ubuntu0.1+esm1 | 0.15-2+deb7u3ubuntu0.1+esm1 |
| Ubuntu | =14.04 | |
| All of | ||
| ubuntu/python-mosquitto | <0.15-2+deb7u3ubuntu0.1+esm1 | 0.15-2+deb7u3ubuntu0.1+esm1 |
| Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-7441-1?
The vulnerability reported in USN-7441-1 can potentially lead to remote code execution or denial of service.
How do I fix USN-7441-1?
To remediate USN-7441-1, update to the recommended package versions available for your Ubuntu installation.
Which packages are affected by USN-7441-1?
USN-7441-1 affects multiple Mosquitto-related packages including libmosquitto1, mosquitto, and mosquitto-clients across several Ubuntu versions.
Can USN-7441-1 be exploited remotely?
Yes, USN-7441-1 can be exploited by an attacker via a malicious broker.
What systems are impacted by USN-7441-1?
Systems running Ubuntu 14.04, 16.04, 18.04, 20.04, 22.04, or 24.04 that have the affected Mosquitto packages installed are impacted by USN-7441-1.
- agent/title
- agent/references
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/24.04
- version/ubuntu/22.04
- version/ubuntu/20.04
- version/ubuntu/18.04
- version/ubuntu/16.04
- version/ubuntu/14.04