Known Vulnerabilities for Mosquitto by Eclipse
Listed below are 10 of the newest known vulnerabilities associated with "Mosquitto" by "Eclipse".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-28366 | The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client s... | 7.5 - HIGH | 2023-09-01 | 2024-01-07 |
| CVE-2023-5632 | In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes... | 7.5 - HIGH | 2023-10-18 | 2023-10-25 |
| CVE-2023-3592 | In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains inval... | 7.5 - HIGH | 2023-10-02 | 2024-01-07 |
| CVE-2023-0809 | In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | 5.3 - MEDIUM | 2023-10-02 | 2024-01-07 |
| CVE-2021-41039 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties ... | 7.5 - HIGH | 2021-12-01 | 2023-10-02 |
| CVE-2021-34434 | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subs... | 5.3 - MEDIUM | 2021-08-30 | 2023-11-07 |
| CVE-2021-34432 | In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic... | 7.5 - HIGH | 2021-07-27 | 2021-08-17 |
| CVE-2021-34431 | In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT... | 6.5 - MEDIUM | 2021-07-22 | 2021-08-03 |
| CVE-2021-28166 | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNAC... | 6.5 - MEDIUM | 2021-04-07 | 2021-04-13 |
| CVE-2019-11779 | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that co... | 6.5 - MEDIUM | 2019-09-19 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eclipse | Mosquitto | 1.6.6 | | | |
| Application | Eclipse | Mosquitto | 1.6.5 | | | |
| Application | Eclipse | Mosquitto | 1.6.4 | | | |
| Application | Eclipse | Mosquitto | 1.6.3 | | | |
| Application | Eclipse | Mosquitto | 1.6.2 | | | |
| Application | Eclipse | Mosquitto | 1.6.1 | | | |
| Application | Eclipse | Mosquitto | 1.6 | | | |
| Application | Eclipse | Mosquitto | 1.5.9 | | | |
| Application | Eclipse | Mosquitto | 1.5.8 | | | |
| Application | Eclipse | Mosquitto | 1.5.7 | | | |
| Application | Eclipse | Mosquitto | 1.5.6 | | | |
| Application | Eclipse | Mosquitto | 1.5.5 | | | |
| Application | Eclipse | Mosquitto | 1.5.4 | | | |
| Application | Eclipse | Mosquitto | 1.5.3 | | | |
| Application | Eclipse | Mosquitto | 1.5.2 | | | |
| Application | Eclipse | Mosquitto | 1.5.1 | | | |
| Application | Eclipse | Mosquitto | 1.5 | | | |
| Application | Eclipse | Mosquitto | 1.4.9 | | | |
| Application | Eclipse | Mosquitto | 1.4.8 | | | |
| Application | Eclipse | Mosquitto | 1.4.7 | | | |