Information on source package mosquitto

Available versions

ReleaseVersion
jessie1.3.4-2+deb8u4
stretch1.4.10-3+deb9u5
buster1.5.7-1+deb10u1
bullseye2.0.11-1+deb11u1
bookworm2.0.11-1.2+deb12u1
trixie2.0.20-1
sid2.0.20-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-10525vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedIn Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a maliciou ...
CVE-2024-8376vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedIn Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve me ...
CVE-2024-3935vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedIn Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitt ...
CVE-2023-28366vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedThe broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a ...
CVE-2021-34432fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedIn Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...
CVE-2018-12546vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedIn Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client pu ...

Resolved issues

BugDescription
CVE-2023-5632In Eclipse Mosquito before and including 2.0.5, establishing a connect ...
CVE-2023-3592In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 ...
CVE-2023-0809In Mosquitto before 2.0.16, excessive memory is allocated based on mal ...
CVE-2021-41039In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...
CVE-2021-34434In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...
CVE-2021-34431In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...
CVE-2021-28166In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...
CVE-2019-11779In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...
CVE-2019-11778If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1 ...
CVE-2018-20145Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option ...
CVE-2018-12551When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ...
CVE-2018-12550When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ...
CVE-2018-12543In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is ...
CVE-2017-9868In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) i ...
CVE-2017-7655In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...
CVE-2017-7654In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability w ...
CVE-2017-7653The Eclipse Mosquitto broker up to version 1.4.15 does not reject stri ...
CVE-2017-7652In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running wi ...
CVE-2017-7651In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...
CVE-2017-7650In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clie ...

Security announcements

DSA / DLADescription
DSA-5511-1mosquitto - security update
DLA-2793-1mosquitto - security update
DSA-4570-1mosquitto - security update
DLA-1972-1mosquitto - security update
DSA-4388-2mosquitto - regression update
DSA-4388-1mosquitto - security update
DSA-4325-1mosquitto - security update
DLA-1525-1mosquitto - security update
DLA-1409-1mosquitto - security update
DLA-1334-1mosquitto - security update
DLA-1146-1mosquitto - security update
DSA-3865-1mosquitto - security update
DLA-961-1mosquitto - security update

Search for package or bug name: Reporting problems