CVE-2024-8376: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd7f355db511e64b84d639a2a4062c36a66cef9 commit fcd7f355db511e64b84d639a2a4062c36a66cef9 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2024-11-12 02:35:41 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2024-11-12 02:35:47 +0000 app-misc/mosquitto: Drop old versions Bug: https://bugs.gentoo.org/942139 Signed-off-by: Matt Turner <mattst88@gentoo.org> app-misc/mosquitto/Manifest | 1 - app-misc/mosquitto/mosquitto-2.0.18.ebuild | 134 ----------------------------- 2 files changed, 135 deletions(-)