The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "185657097569852611019747651375616759342", "209999690193844261600657640824575817910", "262714375737707749729449280564698862210", "113544244559198413476088767394824743019", "267326251227741227197648920533818928064", "258436533882721292395021596467209051712", "38258990596941702244179043958296589558", "119411380312742334604849879756551226859" ], "threshold": 0.9 }, "target": { "file": "src/mosquitto_broker_internal.h" }, "signature_type": "Line", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-18fe6b0d" }, { "digest": { "length": 449.0, "function_hash": "85713415389804966530401833418108576914" }, "target": { "function": "db__message_store_find", "file": "src/database.c" }, "signature_type": "Function", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-4041cf50" }, { "digest": { "line_hashes": [ "85203686617921334122931309773104782963", "23710556715149150766442125768545781868", "210377574969576755433176658404951119394", "204906490012894040605311080370175016273", "51352871825099287746636005341958809218", "245244588927891881347402652768491592215", "54295819527118058986274638999235741974", "58709611487170278350570706896418535961", "188966278038212901259644039296422802172", "121491130798754143747324310569218483875", "168060610469975286238834495121271480872", "243818753959484974924245613947040707726", "297675887811281111375073487685650940132", "246850466772222792007061566176411145115", "77708104591149058527723804449298898991", "123444508129672236059738110656937916737", "142485415968948635100957916050997029583", "130800659897187911907908921749501487661", "36939496372981492002085358367676240982", "250516870905248432996061988432922308808", "287564889603778662247497187946842618330", "155087356402055952260675224759308718474", "275552698052329306921886093080860526025", "338528681314502582076781088000297311081", "16779954185988160979003386046327961021", "218649294123002592778200418528830991825", "273435754704731026736493754668513711278", "60714744432978357492609945350922132610", "235384048632786554176168446497430582357", "108443995581779879963057415523552774923", "54242442024042696381071677310349715624" ], "threshold": 0.9 }, "target": { "file": "src/context.c" }, "signature_type": "Line", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-4453460c" }, { "digest": { "line_hashes": [ "225965478467171857860656219612627121543", "63721077317531796186912104735605219472", "22148613686247422070126237315808800640", "238133653920736806746653033640862334268" ], "threshold": 0.9 }, "target": { "file": "lib/packet_mosq.c" }, "signature_type": "Line", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-48c5accd" }, { "digest": { "length": 8123.0, "function_hash": "338417446044378657496509570798799570994" }, "target": { "function": "handle__publish", "file": "src/handle_publish.c" }, "signature_type": "Function", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-4b0d7dea" }, { "digest": { "length": 3919.0, "function_hash": "222293763873296556295253402508700892342" }, "target": { "function": "db__message_insert", "file": "src/database.c" }, "signature_type": "Function", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-525fc655" }, { "digest": { "length": 1333.0, "function_hash": "231931202059463799750601680517501328194" }, "target": { "function": "context__cleanup", "file": "src/context.c" }, "signature_type": "Function", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-60797d52" }, { "digest": { "length": 1103.0, "function_hash": "218124366995381517271089606604789197252" }, "target": { "function": "db__message_reconnect_reset_incoming", "file": "src/database.c" }, "signature_type": "Function", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-6d125e39" }, { "digest": { "length": 1021.0, "function_hash": "330822850778733328937627821807772393537" }, "target": { "function": "packet__queue", "file": "lib/packet_mosq.c" }, "signature_type": "Function", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-8ec8a4ad" }, { "digest": { "line_hashes": [ "148439698011285391229640061018503430027", "193884157198562109043756986446713071976", "268003913166940693463062613495572534257", "93470212933095506833207828998433787810", "293107920441093381621252540661695309611", "336532612033272413080647424215056336069", "245924028653862352046537516774580852512", "74417911621137080103795416538909655404", "328075285344273315498438826831010426003", "304469103496518714834391001078704961238", "332587571481897972826159236719468804201", "40450941149050339815895393838279785142", "225955851564214513469217147877023588670", "328105555249107538572249262310816041821", "314480754195177696370134266832588423749", "146211253344956192068600435308919490182", "132914049417686246454038195254647643029", "95806376992962230322255433018387416933", "93837510039468956996497695731577358007", "23677607537286836238448924762470603030", "251222506798970475529777658928779129044", "283223184173968883229575944683387597517", "307764528710670872279970593473122935492", "58628656801337995269213552703815642945", "265926370144549717911044797555011939509", "91832543265055739855786434351985934430", "67465570707883692632569180673446647501", "184166377919721310123633532536529351387", "266469381569079615469150354937275797959", "97309920803553867694542915966063473647", "76559853429473989291511760230405249373", "140462194964642300357372699844123312989", "207719362532559643412451287535093255728", "150686266850373025179799122922690869415", "267328691234684908791127483306560718663", "206185782990939382613289094370393296663", "336006815494273437783699405605596333829", "167547682325729722904831960139387663364", "65229955881621229300816929559970842825" ], "threshold": 0.9 }, "target": { "file": "src/handle_publish.c" }, "signature_type": "Line", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-9c2297e8" }, { "digest": { "line_hashes": [ "284678144602391982994741495688595127901", "90062418651277654235375254877308322526", "224031563416308138894487923223533272956", "244599704645840444909880365514971371229", "78662440587358656246339311389981312177", "328063314687465075133178712133833691034", "62673009183996010787818217947648658054", "240263279487715468915157496214607161583", "247437316759576094971340365246653075609", "114218428937112973780808941413862499688", "242220292696304958028714010603222851131", "97079123716153341892737296187379036344", "294716412097021236032413834554423723542", "245920043064185822569838423269335786319", "273659591907738510577578512014471303005", "165259626786758636005208053484067052757", "178959403323700001956541817957481877273", "285119442359140001652079688237916066386", "306062678102705011271277749035424012842", "306319640997064409408073339233210381591", "148390245304517491942904999764551877431", "4702898437259336030350534267538890076", "248589991316103867921190238552187422090", "285119442359140001652079688237916066386", "306062678102705011271277749035424012842", "297272486308017044681635062932426071974", "115232683780470693634812417872905333870", "2301202664678743650681758272746296199", "116566664999041821562625025468768441196", "265586209421451058600815514989867795147", "44861951891768416736155973252923372829" ], "threshold": 0.9 }, "target": { "file": "src/database.c" }, "signature_type": "Line", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-ca260b6a" }, { "digest": { "length": 1530.0, "function_hash": "138258085877140207332658078789223145234" }, "target": { "function": "context__init", "file": "src/context.c" }, "signature_type": "Function", "source": "https://github.com/eclipse-mosquitto/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", "deprecated": false, "signature_version": "v1", "id": "CVE-2023-28366-ca379b88" } ] }