The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-09-01T00:00:00
Updated: 2024-01-07T10:06:19.321332
Reserved: 2023-03-15T00:00:00
Link: CVE-2023-28366
NVD Information
Status: Modified
Published: 2023-09-01T16:15:07.790
Modified: 2024-01-07T10:15:08.467
Link: CVE-2023-28366