CVE-2024-3935
MEDIUMCVSS v3
6.5
MEDIUM
EPSS Score
0.4%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
Technical Details
- Published
- 10/30/2024
Frequently Asked Questions
What is CVE-2024-3935?
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
Is CVE-2024-3935 actively exploited?
Active exploitation of CVE-2024-3935 has not been confirmed. The EPSS score is 0.4%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-3935?
CVE-2024-3935 has a CVSS v3 base score of 6.5 (MEDIUM severity).
Is CVE-2024-3935 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.