CVE-2024-10525
- Reference to the description:
- Description:
- In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
- Last updated date:
- 01/29/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/29/2025
- Reference url to background
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190