Home > Vulnerability Database > CVE-2024-3935

Mend.io Vulnerability Database

CVE-2024-3935

Date: October 30, 2024

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.

Language: C

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3935

Url: https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9

Url: https://mosquitto.org/blog/2024/10/version-2-0-19-released/

Url: https://security-tracker.debian.org/tracker/CVE-2024-3935

Url: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197

Url: https://www.mend.io/vulnerability-database/CVE-2024-3935

Severity Score

7.5

Weakness Type (CWE)

Double Free

CWE-415

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3935

Date: October 30, 2024

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?