[mosquitto-dev] Security update: CVE-2021-34432

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[mosquitto-dev] Security update: CVE-2021-34432

From: Roger Light <roger@xxxxxxxxxx>
Date: Tue, 17 Aug 2021 21:53:23 +0100
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev/>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Dear all,

Mosquitto versions 2.0.0 to 2.0.7 was affected by a bug where the
broker would cause a segmentation fault if a client sent a topic with
length zero. A change was included in version 2.0.8 that fixed the
issue without it being identified.

This is your reminder to update to the latest 2.0.x release if you
have not already done so.

Thanks to Peter Korsgaard for finding and reporting the issue.

Regards,

Roger

Follow-Ups:
- Re: [mosquitto-dev] Security update: CVE-2021-34432
  - From: Peter Korsgaard

Prev by Date: Re: [mosquitto-dev] Fuzzing of mosquitto library and broker
Next by Date: Re: [mosquitto-dev] Security update: CVE-2021-34432
Previous by thread: [mosquitto-dev] Fuzzing of mosquitto library and broker
Next by thread: Re: [mosquitto-dev] Security update: CVE-2021-34432
Index(es):
- Date
- Thread

Breadcrumbs