Lucene search

[email protected]CVE-2017-2893

HistoryNov 07, 2017 - 4:29 p.m.

CVE-2017-2893

2017-11-0716:29:00

CWE-476

[email protected]

web.nvd.nist.gov

nvd

cve-2017-2893

mqtt

packet parsing

cesanta mongoose 6.8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.217 Low

EPSS

Percentile

96.4%

JSON

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

CPENameOperatorVersion
cesanta:mongoosecesanta mongooseeq6.8

CPE	Name	Operator	Version
cesanta:mongoose	cesanta mongoose	eq	6.8

References

www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.217 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2017-2893

seebug1 osv1 debiancve1 talos1 ubuntucve1 prion1 redhatcve2 talosblog1 openvas1