CNNVD-202512-267 Information

CNNVD ID

CNNVD-202512-267

Related CVE

CVE-2025-10543

• CNNVD Published: 2025-12-02

Description (Chinese)

Eclipse Paho Go MQTT v3.1 library是Eclipse基金会的一个Go语言软件库。 Eclipse Paho Go MQTT v3.1 library 1.5.0及之前版本存在安全漏洞，该漏洞源于未检查数据长度转换时的溢出，可能导致数据包内容泄露。

Description (English)

Eclipse Paho Go MQTT v3.1 library is a Go language software library of the Eclipse Foundation. Eclipse Paho Go MQTT v3.1 release 1.5.0 and previous versions have a security loophole, which results from spills when the length conversion of data is not checked and may result in leaking the contents of the package.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Eclipse

Published

2025-12-02

Last Modified

2026-02-24

References

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/254 https://vigilance.fr/vulnerability/Eclipse-Paho-Go-MQTT-out-of-bounds-memory-reading-via-UTF-8-Encoded-Strings-49186

Patch

https://github.com/eclipse-paho/paho.mqtt.golang/releases