CVE-2024-8376: Improper Handling of Exceptional Conditions
In Eclipse Mosquitto up to version 2.0.18a, an attacker can cause a memory leak, a segmentation fault or a heap-use-after-free by sending specific sequences of ‘CONNECT’, ‘DISCONNECT’, ‘SUBSCRIBE’, ‘UNSUBSCRIBE’ and ‘PUBLISH’ packets.
Detect and mitigate CVE-2024-8376 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.