Eclipse Mosquitto
5 CVEs affecting Eclipse Mosquitto. Latest disclosed: 2023-10-18. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-5632 | High | 7.5 | 2023-10-18 | In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, w… |
| CVE-2017-7650 | Medium | 6.5 | 2017-09-11 | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely conn… |
| CVE-2023-3592 | Medium | 5.8 | 2023-10-02 | In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. |
| CVE-2023-0809 | Medium | 5.8 | 2023-10-02 | In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. |
| CVE-2017-9868 | Medium | 5.5 | 2017-06-25 | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. |