{"id":"CVE-2024-8376","summary":"Memory leak","details":"In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.","modified":"2026-05-16T03:56:11.734826919Z","published":"2024-10-11T15:18:54.142Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8376.json","cna_assigner":"eclipse","cwe_ids":["CWE-401","CWE-416","CWE-755"]},"references":[{"type":"WEB","url":"https://mosquitto.org/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8376.json"},{"type":"ADVISORY","url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8376"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"},{"type":"FIX","url":"https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17"},{"type":"FIX","url":"https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"},{"type":"PACKAGE","url":"https://github.com/eclipse/mosquitto"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N"}]}