Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback
Vulnerability Description
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
CVSS Information
N/A
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
Eclipse Mosquitto 安全漏洞
Vulnerability Description
Eclipse Mosquitto是Eclipse基金会的一套开源的消息代理软件。 Eclipse Mosquitto 1.3.2至2.0.18版本存在安全漏洞,该漏洞源于如果恶意代理发送一个没有原因代码的特制SUBACK数据包,使用libmosquitto的客户端在处理on_subscribe回调时,可能会发生越界内存访问。
CVSS Information
N/A
Vulnerability Type
N/A