pkg:Debian/mosquitto
38 total CVEs: CRITICAL 2, HIGH 18, MEDIUM 18
All known vulnerabilities
- from 0, < 2.0.11-1+deb11u2
- from 0, < 2.0.11-1+deb11u2
- HIGH 8.1, CVE-2018-12551: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the… (from 0, < 1.5.6-1)
- HIGH 8.1, CVE-2018-12550: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comm… (from 0, < 1.5.6-1)
- HIGH 7.5, CVE-2024-8376: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending sp… (from 0)
- HIGH 7.5, CVE-2023-5632: In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT… (from 0, < 2.0.7-1)
- HIGH 7.5, CVE-2023-3592: In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property ty… (from 0, < 2.0.11-1+deb11u1)
- HIGH 7.5, CVE-2023-28366: The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS… (from 0, < 2.0.11-1+deb11u1)
- HIGH 7.5, CVE-2021-41039: In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause ex… (from 0, < 2.0.11-1+deb11u1)
- HIGH 7.5, CVE-2021-34432: In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. (from 0, < 2.0.8-1)
- from 0, < 1.5.4-1
- from 0, < 1.3.4-2+deb8u4
- from 0, < 1.4.10-3+deb9u5
- HIGH 7.5, CVE-2018-20145: Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was i… (from 0, < 1.5.5-1)
- HIGH 7.5, CVE-2017-7654: In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. (from 0, < 1.5.4-1)
- HIGH 7.5, CVE-2017-7652: In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers… (from 0, < 1.4.15-1)
- from 0, < 1.4.15-1
- from 0, < 1.4.10-3+deb9u2
- from 0, < 1.3.4-2+deb8u2
- from 0, < 0.15-2+deb7u3
- MEDIUM 6.5, CVE-2024-3935: In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and t… (from 0, < 2.0.11-1+deb11u2)
- MEDIUM 6.5, CVE-2021-34431: In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to th… (from 0, < 2.0.11-1)
- MEDIUM 6.5, CVE-2021-28166: In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to t… (from 0, < 2.0.10-1)
- from 0, < 1.6.6-1
- from 0, < 1.5.7-1+deb10u1
- from 0, < 1.5.6-1
- from 0, < 1.4.10-3+deb9u3
- from 0, < 0.15-2+deb7u1
- from 0, < 1.4.10-3
- from 0, < 1.3.4-2+deb8u1
- from 0, < 1.4.14-1
- from 0, < 0.15-2+deb7u2
- MEDIUM 5.4, CVE-2019-11778: If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay int… (from 0, < 1.6.6-1)
- MEDIUM 5.3, CVE-2023-0809: In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. (from 0, < 2.0.11-1+deb11u1)
- from 0, < 2.0.11-1+deb11u1
- from 0, < 2.0.11-1+deb11u1
- from 0, < 1.3.4-2+deb8u3
- from 0, < 1.5.4-1