CVE-2024-3935

MEDIUM

CVSS v3

6.5

MEDIUM

EPSS Score

0.4%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.

Technical Details

Published
10/30/2024

Frequently Asked Questions

What is CVE-2024-3935?

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.

Is CVE-2024-3935 actively exploited?

Active exploitation of CVE-2024-3935 has not been confirmed. The EPSS score is 0.4%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-3935?

CVE-2024-3935 has a CVSS v3 base score of 6.5 (MEDIUM severity).

Is CVE-2024-3935 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.