{"id":"CVE-2024-10525","details":"In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may perform an out-of-bounds memory access when handling it in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.","modified":"2026-04-12T10:59:04.417564Z","published":"2024-10-30T12:15:02.787Z","related":["openSUSE-SU-2026:20260-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"},{"type":"ADVISORY","url":"https://mosquitto.org/blog/2024/10/version-2-0-19-released/"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190"},{"type":"FIX","url":"https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-mosquitto/mosquitto","events":[{"introduced":"0"},{"fixed":"8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c"}]},{"type":"GIT","repo":"https://github.com/eclipse/mosquitto","events":[{"introduced":"aa86554592d0f647b81b13f2261de9e0a1db328b"},{"fixed":"5eb40ee3d691fb3c2dc222685e7ffcf6e6a69a79"}],"database_specific":{"versions":[{"introduced":"1.3.2"},{"fixed":"2.0.19"}]}}],"versions":["v1.4.1","v1.4.10","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.4.9","v1.5","v1.6","v1.6.1","v1.6.10","v1.6.11","v1.6.12","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v2.0.0","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2024-10525-34ff54b6","source":"https://github.com/eclipse/mosquitto/commit/5eb40ee3d691fb3c2dc222685e7ffcf6e6a69a79","signature_type":"Function","target":{"function":"bridge__connect_step1","file":"src/bridge.c"},"signature_version":"v1","digest":{"function_hash":"328300029930406813138797490881719136165","length":3362}},{"deprecated":false,"id":"CVE-2024-10525-8f382462","source":"https://github.com/eclipse/mosquitto/commit/5eb40ee3d691fb3c2dc222685e7ffcf6e6a69a79","signature_type":"Line","target":{"file":"src/bridge.c"},"signature_version":"v1","digest":{"line_hashes":["112744184638913340540592059009065155160","173647425033737941360091521005652606556","129426418706414116545542920680687959565","177013983548820522005115672949777997892","261027843247209851251118222858259184730"],"threshold":0.9}},{"deprecated":false,"id":"CVE-2024-10525-d05b89c8","source":"https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c","signature_type":"Function","target":{"function":"handle__suback","file":"lib/handle_suback.c"},"signature_version":"v1","digest":{"function_hash":"29036111489348541762894021766668069100","length":1918}},{"deprecated":false,"id":"CVE-2024-10525-fcb71ac0","source":"https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c","signature_type":"Line","target":{"file":"lib/handle_suback.c"},"signature_version":"v1","digest":{"line_hashes":["94950051260452402365347931505757235218","96581849340855976114804582782750664304","5849565670273732554841845849192978354","173389902800579440755348116221827973798"],"threshold":0.9}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10525.json","vanir_signatures_modified":"2026-04-12T10:59:04Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}