« List of all CVEs

CVE-2023-3592

Published: 10/2/2023 Last updated: 2/13/2025 Reserved: 7/10/2023

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.

CNA assigner: eclipse (e51fbebd-6053-4e49-959f-1b94eeb69a2c) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 5.8 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Opam packages affected (1)

conf-libmosquitto

Products affected (1)

Product Vendor Version
Mosquitto Eclipse 16.6.1

References (4)