VYPR
Unrated severity · NVD Advisory · Published Sep 1, 2023 · Updated Jun 26, 2025

CVE-2023-28366

Description

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.

Affected products

  • Eclipse/Mosquitto, range: >=1.3.2, <2.0.16
