Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 942139 (CVE-2024-8376) - <app-misc/mosquitto-2.0.20: memory leaking, segmentation fault or heap-use-after-free from crafted packets
Summary: <app-misc/mosquitto-2.0.20: memory leaking, segmentation fault or heap-use-af...
Status: CONFIRMED
Alias: CVE-2024-8376
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://mosquitto.org/blog/2024/10/ve...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 942140
Blocks:
  Show dependency tree
 
Reported: 2024-10-25 15:28 UTC by Christopher Fore
Modified: 2024-11-15 15:58 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2024-10-25 15:28:19 UTC
CVE-2024-8376:

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Comment 1 Larry the Git Cow gentoo-dev 2024-11-12 02:36:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd7f355db511e64b84d639a2a4062c36a66cef9

commit fcd7f355db511e64b84d639a2a4062c36a66cef9
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-11-12 02:35:41 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-11-12 02:35:47 +0000

    app-misc/mosquitto: Drop old versions
    
    Bug: https://bugs.gentoo.org/942139
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 app-misc/mosquitto/Manifest                |   1 -
 app-misc/mosquitto/mosquitto-2.0.18.ebuild | 134 -----------------------------
 2 files changed, 135 deletions(-)