CVE-2019-17389

2019-10-09T17:15:00
ID CVE-2019-17389
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.