Buffer overflow in Eclipse Foundation Mosquitto

CVE-2024-10525

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make an out-of-bounds memory access when acting in its on_subscribe callback. T…

Vulnerability class: Buffer Overflow

EPSS: 0.579 (99.0th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-10525?
CVE-2024-10525 is a vulnerability in Eclipse Foundation Mosquitto, classified under Heap-based Buffer Overflow. Published 2024-10-30.
Is CVE-2024-10525 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.