CVE-2024-8376

7.5 HIGH

📋 TL;DR

This vulnerability in Eclipse Mosquitto allows attackers to cause memory corruption through specific MQTT packet sequences, potentially leading to crashes or remote code execution. It affects all deployments running Mosquitto versions up to 2.0.18a. The vulnerability can be exploited by sending malicious CONNECT, DISCONNECT, SUBSCRIBE, UNSUBSCRIBE, and PUBLISH packets.

💻 Affected Systems

Products:
  • Eclipse Mosquitto
Versions: All versions up to and including 2.0.18a
Operating Systems: All platforms running Mosquitto
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations are vulnerable as this is a core protocol handling issue.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, or persistent backdoor installation.

🟠 Likely Case

Service disruption through crashes (segmentation faults) causing denial of service and potential memory corruption.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, potentially only causing service restarts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires specific packet sequences but no authentication. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.19

Vendor Advisory: https://github.com/eclipse/mosquitto/releases/tag/v2.0.19

Restart Required: Yes

Instructions:

1. Download Mosquitto 2.0.19 from the official repository.
2. Stop the Mosquitto service.
3. Back up configuration files.
4. Install the new version.
5. Restart the Mosquitto service.

🔧 Temporary Workarounds

Network Filtering (applies to: all)

Implement network filtering to block suspicious MQTT packet sequences.

Rate Limiting (applies to: all)

Apply rate limiting to MQTT connections to reduce the attack surface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Mosquitto instances
  • Deploy intrusion detection systems to monitor for abnormal MQTT traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check Mosquitto version with 'mosquitto -v' or 'dpkg -l | grep mosquitto' on Debian-based systems

Check Version:

mosquitto -v

Verify Fix Applied:

Verify that the reported version is 2.0.19 or higher using the version check command above.

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid CONNECT/DISCONNECT sequences
  • Unexpected segmentation fault logs
  • Memory allocation errors

Network Indicators:

  • Abnormal MQTT packet sequences
  • Rapid connection churn
  • Unusual SUBSCRIBE/UNSUBSCRIBE patterns

SIEM Query:

source="mosquitto.log" AND ("segmentation fault" OR "memory leak" OR "heap-use-after-free")
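The version check and the log indicators above can be scripted. The following is an added example, not part of this advisory or of the Mosquitto project: it treats any release below 2.0.19 (including the lettered 2.0.18a re-release) as affected, flags the crash strings from the SIEM query, and counts connections per source to surface connection churn. The "New connection from" wording follows Mosquitto's default log format; the sample log is constructed.

```python
import re
from collections import Counter

# Releases below this are affected by CVE-2024-8376 (per the advisory); 2.0.18a sorts below it.
FIXED_VERSION = (2, 0, 19)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)[a-z]?")

def is_vulnerable(version_output):
    """True if text such as 'mosquitto version 2.0.18a starting' names a release before 2.0.19."""
    m = VERSION_RE.search(version_output)
    if not m:
        raise ValueError("no mosquitto version found in: %r" % version_output)
    return tuple(int(g) for g in m.groups()) < FIXED_VERSION

# Crash strings are the ones from the SIEM query; the connection pattern assumes
# Mosquitto's default "New connection from <ip>:<port> on port <n>." wording.
CRASH_RE = re.compile(r"segmentation fault|memory leak|heap-use-after-free", re.I)
CONNECT_RE = re.compile(r"New connection from (\S+?):\d+ on port")

def scan_log(lines, churn_threshold=3):
    """Return (crash_lines, churn_sources): 1-based line numbers carrying a crash
    indicator, and source addresses that opened >= churn_threshold connections."""
    crash_lines = []
    connects = Counter()
    for n, line in enumerate(lines, 1):
        if CRASH_RE.search(line):
            crash_lines.append(n)
        m = CONNECT_RE.search(line)
        if m:
            connects[m.group(1)] += 1
    churn_sources = sorted(ip for ip, c in connects.items() if c >= churn_threshold)
    return crash_lines, churn_sources

# Constructed sample log in Mosquitto's "<epoch>: <message>" style (not real data).
SAMPLE_LOG = [
    "1700000000: mosquitto version 2.0.18a starting",
    "1700000001: New connection from 10.0.0.5:51234 on port 1883.",
    "1700000001: Client auto-1 disconnected.",
    "1700000001: New connection from 10.0.0.5:51235 on port 1883.",
    "1700000002: Client auto-2 disconnected.",
    "1700000002: New connection from 10.0.0.5:51236 on port 1883.",
    "1700000003: New connection from 10.0.0.9:40000 on port 1883.",
    "1700000004: segmentation fault (core dumped)",
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable(SAMPLE_LOG[0]))
    print("crash lines, churn sources:", scan_log(SAMPLE_LOG))
```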
