From this webpage screenshot, we can obtain the following key information about the vulnerability:

1. Vulnerability Description:
   - Vulnerability Name: Double free vulnerability in Mosquitto
   - Affected Versions: Mosquitto versions 2.0.9 and 2.0.15
   - Description: In bridge mode, when Mosquitto actively establishes a bridge connection with any remote MQTT broker, if the remote broker sends a crafted PUBLISH packet to the broker, it may trigger a double free vulnerability, causing the program to crash.

2. Vulnerability Trigger Conditions:
   - Trigger Condition: In bridge mode, when Mosquitto actively establishes a bridge connection with any remote MQTT broker.
   - Trigger Method: Remote broker sends a crafted PUBLISH packet to the broker.

3. Vulnerability Impact:
   - Affected Versions: Mosquitto versions 2.0.0 to 2.0.18 inclusive
   - Impact Scope: Almost all versions.

4. Vulnerability Reproduction Steps:
   - Steps:
     1. Run Python script:
     2. Run Mosquitto:
     3. Observe the vulnerability occurrence

5. Vulnerability Fix:
   - CVE ID: CVE-2024-3935
   - Fix Plan: Planned to be fixed in the next version.

6. Vulnerability Report:
   - Reporter: song xiangpu
   - Report Time: 6 months ago

7. Vulnerability Status:
   - Status: Fixed
   - Fix Time: 3 days ago

This information helps us understand the nature, impact scope, and remediation status of the vulnerability.
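The trigger condition and affected range listed above can be turned into an exposure check; the following is an added example, not code from the original report or from the Mosquitto project. It flags a broker only when its version falls in the stated 2.0.0 to 2.0.18 range and its `mosquitto.conf` defines at least one outbound bridge (`connection` block). The version banner, the configuration text and all function names are constructed or hypothetical.

```python
import re

# Affected range as stated in the report above: 2.0.0 to 2.0.18 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 0, 18)

# Constructed sample inputs (not taken from the report).
SAMPLE_VERSION = "mosquitto version 2.0.15"
SAMPLE_CONF = """\
listener 1883
# outbound bridge to an upstream broker
connection upstream-bridge
address broker.example.net:8883
topic sensors/# out 0
"""

def parse_version(text):
    """Extract (major, minor, patch) from a version banner."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def find_bridges(conf_text):
    """Map each 'connection <name>' block to its remote addresses.
    Files pulled in through include_dir are not followed here."""
    bridges, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0], parts[1] if len(parts) > 1 else ""
        if key == "connection":
            current = value.strip()
            bridges[current] = []
        elif key in ("address", "addresses") and current is not None:
            bridges[current].extend(value.split())
    return bridges

def assess(version_text, conf_text):
    """Exposed only if the version is in range AND a bridge is configured."""
    version = parse_version(version_text)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    bridges = find_bridges(conf_text)
    return {"version": version, "in_affected_range": in_range,
            "bridges": bridges, "exposed": in_range and bool(bridges)}

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONF))
```

The `bridges` map in the result lists the remote brokers each bridge connects to, which are the peers whose PUBLISH packets reach the affected code path.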