CVE-2024-3935

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-415
View all →

Vulnerability Description

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.

Related Vulnerabilities

CVE-2011-1803

MEDIUM
CVSS:6.5(Medium)

An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.

CWE-4152011

CVE-2015-1207

MEDIUM
CVSS:6.5(Medium)

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

CWE-4152015

CVE-2015-1239

MEDIUM
CVSS:6.5(Medium)

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a craft...

CWE-4152015

CVE-2017-12925

MEDIUM
CVSS:6.5(Medium)

Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.

CWE-4152017

CVE-2017-15186

MEDIUM
CVSS:6.5(Medium)

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

CWE-4152017

CVE-2017-9287

MEDIUM
CVSS:6.5(Medium)

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged R...

CWE-4152017