Unrated severityNVD Advisory· Published Oct 30, 2024· Updated Nov 3, 2025
Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback
CVE-2024-10525
Description
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Eclipse Foundation/mosquittov5Range: 1.3.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.