CVE-2024-3935
Published 2024-10-30
Priority: P3 (35)
CVSS 3.1: 6.5 medium (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.76% (50.7th percentile)
In Eclipse Mosquitto, versions 2.0.0 through 2.0.18, if a broker is configured to create an outgoing bridge connection, and that bridge has an incoming topic (a `topic` directive with direction `in` or `both`) configured with topic remapping (a local or remote prefix), then a crafted PUBLISH packet sent by the remote end of the bridge causes a double free (CWE-415) and the broker crashes. The packet has to arrive over the bridge connection itself, that is, from the remote broker the bridge connects to or from something able to speak as it on that connection; the impact is loss of availability of the local broker.
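As an added example (not code from the advisory or the Mosquitto project), the script below checks a broker for the two preconditions the description names: an upstream version in 2.0.0 through 2.0.18, and a bridge `topic` directive with direction `in` or `both` that carries a local or remote prefix, which is the remapping. It parses the `connection`/`topic` syntax of mosquitto.conf (`topic pattern [[[out|in|both] qos] local_prefix remote_prefix]`) and reads the version from a string of the form `mosquitto -h` prints (`mosquitto version X.Y.Z`). The sample configuration is constructed for the example. One caveat the Affected table below makes plain: distribution packages backport the fix without bumping the upstream number (Debian bookworm is fixed at 2.0.11-1.2+deb12u2), so on Debian or Ubuntu compare the full package version from `dpkg-query -W -f='${Version}' mosquitto` against the fixed-in column rather than trusting the upstream version alone.

```python
"""Check a Mosquitto broker for the CVE-2024-3935 preconditions.

Added example, not part of the advisory or the Mosquitto project: an
upstream version 2.0.0..2.0.18 plus a bridge topic with direction `in` or
`both` that uses a local/remote prefix (topic remapping).
"""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 0, 18)   # fixed upstream in 2.0.19


@dataclass
class BridgeTopic:
    connection: str
    pattern: str
    direction: str          # out | in | both (mosquitto default: out)
    qos: int
    local_prefix: str
    remote_prefix: str

    @property
    def remapped(self) -> bool:
        # Either prefix makes the broker rewrite the topic name; that is the
        # remapping the advisory describes for incoming PUBLISH packets.
        return bool(self.local_prefix or self.remote_prefix)

    @property
    def receives_from_remote(self) -> bool:
        return self.direction in ("in", "both")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract X.Y.Z from `mosquitto -h` output ("mosquitto version 2.0.18")
    or from a bare version string; None if no version is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def version_affected(text: str) -> bool:
    """Upstream range only; distro packages backport the fix without bumping
    this number (e.g. Debian 2.0.11-1.2+deb12u2 is fixed)."""
    v = parse_version(text)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX


def parse_bridge_topics(conf: str) -> List[BridgeTopic]:
    """Parse `topic pattern [[[out|in|both] qos] local_prefix remote_prefix]`
    lines inside `connection <name>` blocks. Only whole-line comments are
    stripped: `#` is also the MQTT multi-level wildcard, so it cannot be
    treated as an inline comment marker. `include_dir` is not followed."""
    topics: List[BridgeTopic] = []
    connection: Optional[str] = None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)   # keeps "" as an explicit empty prefix
        key, args = parts[0], parts[1:]
        if key == "connection" and args:
            connection = args[0]
            continue
        if key != "topic" or connection is None or not args:
            continue
        pattern, rest = args[0], args[1:]
        direction, qos = "out", 0
        if rest and rest[0] in ("out", "in", "both"):
            direction = rest.pop(0)
            if rest and rest[0].isdigit():
                qos = int(rest.pop(0))
        local_prefix = rest[0] if len(rest) > 0 else ""
        remote_prefix = rest[1] if len(rest) > 1 else ""
        topics.append(BridgeTopic(connection, pattern, direction, qos,
                                  local_prefix, remote_prefix))
    return topics


def assess(conf: str, version_text: str) -> List[str]:
    """One finding per bridge topic that matches the trigger on an affected
    upstream version; an empty list means nothing to report."""
    if not version_affected(version_text):
        return []
    return [
        f"{t.connection}: topic '{t.pattern}' {t.direction} qos={t.qos} "
        f"local_prefix='{t.local_prefix}' remote_prefix='{t.remote_prefix}'"
        for t in parse_bridge_topics(conf)
        if t.receives_from_remote and t.remapped
    ]


# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
listener 1883
# bridge to a partner site's broker
connection upstream-site
address broker.example.net:8883
bridge_cafile /etc/mosquitto/ca.crt
topic sensors/# in 1 site1/ remote/
topic commands/# out 1 site1/ remote/
topic status/# in 0
topic # both 0 "" mirror/
"""

if __name__ == "__main__":
    for finding in assess(SAMPLE_CONF, "mosquitto version 2.0.18"):
        print("MATCHES CVE-2024-3935 TRIGGER:", finding)
```

Against the sample, the `sensors/#` and `#` topics are reported (incoming direction plus a prefix) while the outgoing-only remap and the un-remapped `status/#` topic are not. Until the upgrade is in place, dropping the prefixes from `in`/`both` topics on the bridge removes the configuration the description names as the trigger, at the cost of the topic rewriting; restricting the bridge to a TLS-authenticated remote (`bridge_cafile` plus a verified remote identity) limits who can send on that connection but does not remove the bug.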
Affected
6 ranges
| Source | Package | Affected | Fixed in |
|---|---|---|---|
| Eclipse (upstream) | mosquitto | 2.0.0 through 2.0.18 | 2.0.19 |
| Debian bullseye | mosquitto | < 2.0.11-1+deb11u2 | 2.0.11-1+deb11u2 |
| Debian bookworm | mosquitto | < 2.0.11-1.2+deb12u2 | 2.0.11-1.2+deb12u2 |
| Debian trixie / forky / sid | mosquitto | < 2.0.20-1 | 2.0.20-1 |
| Ubuntu 22.04 LTS | mosquitto | < 2.0.11-1ubuntu1.2 | 2.0.11-1ubuntu1.2 |
| Ubuntu 24.04 LTS | mosquitto | < 2.0.18-1ubuntu0.1~esm1 | 2.0.18-1ubuntu0.1~esm1 |
Ubuntu's notice also ships ESM updates for older releases (mosquitto 0.15-2+deb7u3ubuntu0.1+esm1, 1.4.8-1ubuntu0.16.04.7+esm2, 1.4.15-2ubuntu0.18.04.3+esm2 and 1.6.9-1ubuntu0.1~esm2), but those packages are below 2.0.0, and the notice states that this issue only affected Ubuntu 22.04 LTS and 24.04 LTS; the updates for the older releases address CVE-2024-10525, which is bundled in the same notice. Note that the Debian stable fixes keep the upstream version 2.0.11 and carry the fix as a backport, so a version check against the upstream range alone misreports patched Debian and Ubuntu packages.
CVSS provenance
NVD, CVSS v3.1: 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
NVD, CVSS v4.0: 6.0 MEDIUM (CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N)
OSV: 7.2 HIGH
Ubuntu: 9.8 CRITICAL
Debian: 6.0 MEDIUM
The OSV 7.2 and Ubuntu 9.8 figures are the headline scores of the Ubuntu notice, which bundles this issue with CVE-2024-10525 (a client-side SUBACK memory bug rated for possible code execution) and is scored for that CVE; they do not describe CVE-2024-3935 on its own. The scores specific to this CVE are NVD's 6.5 / 6.0 and Debian's 6.0: availability impact only, with AT:P in the v4.0 vector recording that the bridge-with-remapping configuration is a precondition.
OSV
mosquitto vulnerabilities (OSV mirror of the Ubuntu notice; 2025-04-16; CVSS 7.2 HIGH, scored for CVE-2024-10525)
Advisory text identical to the Ubuntu notice reproduced in the Ubuntu entry below.
OSV
CVE-2024-3935 (OSV; 2024-10-30; CVSS 6.0 MEDIUM)
Description as above.
GHSA
GHSA-r5mw-c5jc-r788 (GitHub advisory, unreviewed; 2024-10-30; CVE-2024-3935, MEDIUM; CWE-415 Double Free)
Description as above.
Ubuntu
Eclipse Mosquitto vulnerabilities (Ubuntu notice; 2025-04-16; headline CVSS 9.8 CRITICAL, which is the score of the bundled CVE-2024-10525)
Summary: Several security issues were fixed in Eclipse Mosquitto.
It was discovered that Eclipse Mosquitto client incorrectly handled
memory when receiving a SUBACK packet. An attacker with a malicious
broker could possibly use this issue to execute arbitrary code or
cause a denial of service. (CVE-2024-10525)
Xiangpu Song discovered that Eclipse Mosquitto broker did not properly
manage memory under certain circumstances. A malicious client with a
remote connection could possibly use this issue to cause the broker to
crash resulting in a denial of service, or another unspecified impact.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-3935)
Instructions: In general, a standard system update will make all the necessary ch
Debian
CVE-2024-3935: mosquitto (Debian security tracker; 2024; CVSS 6.0 MEDIUM)
Description as above.
Scope: local
bookworm: resolved (fixed in 2.0.11-1.2+deb12u2)
bullseye: resolved (fixed in 2.0.11-1+deb11u2)
forky: resolved (fixed in 2.0.20-1)
sid: resolved (fixed in 2.0.20-1)
trixie: resolved (fixed in 2.0.20-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.