alpine · CVE-2024-8376

Quick triage

Priority: high Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2024-8376: 1 source package rows (mosquitto); 5 state rows across 4 repos (3.18-main, 3.19-main, 3.20-main, edge-main); fixed 0, open 5.

Description:

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

cvelogic Threat Intelligence