CVE-2024-10525

{"id": "CVE-2024-10525", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.2, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-30T12:15:02.787", "references": [{"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c", "tags": ["Patch"], "source": "emo@eclipse.org"}, {"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/", "tags": ["Release Notes"], "source": "emo@eclipse.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."}, {"lang": "es", "value": "En Eclipse Mosquitto, desde la versi\u00f3n 1.3.2 hasta la 2.0.18, si un agente malintencionado env\u00eda un paquete SUBACK manipulado sin c\u00f3digos de motivo, un cliente que utilice libmosquitto puede realizar un acceso a la memoria fuera de los l\u00edmites cuando act\u00fae en su devoluci\u00f3n de llamada on_subscribe. Esto afecta a los clientes mosquitto_sub y mosquitto_rr."}], "lastModified": "2025-01-29T17:04:54.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB81397-7EC9-43AF-A667-8BFC80BB65E4", "versionEndExcluding": "2.0.19", "versionStartIncluding": "1.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}