Known Vulnerabilities for Mosquitto by Eclipse
Listed below are 10 of the newest known vulnerabilities associated with "Mosquitto" by "Eclipse".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41039 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties ... | 7.5 - HIGH | 2021-12-01 | 2023-10-02 |
| CVE-2021-34434 | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subs... | 5.3 - MEDIUM | 2021-08-30 | 2023-11-07 |
| CVE-2021-34432 | In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic... | 7.5 - HIGH | 2021-07-27 | 2021-08-17 |
| CVE-2021-34431 | In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT... | 6.5 - MEDIUM | 2021-07-22 | 2021-08-03 |
| CVE-2021-28166 | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNAC... | 6.5 - MEDIUM | 2021-04-07 | 2021-04-13 |
| CVE-2019-11779 | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that co... | 6.5 - MEDIUM | 2019-09-19 | 2023-11-07 |
| CVE-2019-11778 | If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a ... | 5.4 - MEDIUM | 2019-09-18 | 2019-10-09 |
| CVE-2018-12550 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or cont... | 8.1 - HIGH | 2019-03-27 | 2019-10-09 |
| CVE-2018-12546 | In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its acc... | 6.5 - MEDIUM | 2019-03-27 | 2020-08-28 |
| CVE-2018-12543 | In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $... | 7.5 - HIGH | 2018-11-15 | 2019-10-09 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eclipse | Mosquitto | 1.6.6 | All | All | All |
| Application | Eclipse | Mosquitto | 1.6.5 | All | All | All |
| Application | Eclipse | Mosquitto | 1.6.4 | All | All | All |
| Application | Eclipse | Mosquitto | 1.6.3 | All | All | All |
| Application | Eclipse | Mosquitto | 1.6.2 | All | All | All |
| Application | Eclipse | Mosquitto | 1.6.1 | All | All | All |
| Application | Eclipse | Mosquitto | 1.6 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.9 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.8 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.7 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.6 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.5 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.4 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.3 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.2 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5.1 | All | All | All |
| Application | Eclipse | Mosquitto | 1.5 | All | All | All |
| Application | Eclipse | Mosquitto | 1.4.9 | All | All | All |
| Application | Eclipse | Mosquitto | 1.4.8 | All | All | All |
| Application | Eclipse | Mosquitto | 1.4.7 | All | All | All |