Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Eclipse Mosquitto 安全漏洞
Vulnerability Description
Eclipse Mosquitto是Eclipse基金会的一套开源的消息代理软件。 Eclipse Mosquitto 1.3.2 到 2.0.16版本存在安全漏洞,该漏洞源于libc 发送函数中对 EAGAIN 的错误处理,代理存在内存泄漏,当客户端发送许多具有重复消息 ID 的 QoS 2 消息并且无法响应 PUBREC 命令时,该代理可能会被远程滥用。
CVSS Information
N/A
Vulnerability Type
N/A