Lucene search

GitHub Advisory DatabaseGHSA-GH78-48H3-FRJQ

HistoryMay 06, 2021 - 6:10 p.m.

Improper exception handling in Aedes

2021-05-0618:10:46

CWE-755

GitHub Advisory Database

github.com

aedes

moscajs

exception handling

invalid packet

stream

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.0%

JSON

An issue was discovered in MoscaJS Aedes 0.42.0 and fixed in 0.42.1. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.

Affected configurations

Vulners

Node

aedes_projectaedesRange<0.42.1

VendorProductVersionCPE
aedes_projectaedes*cpe:2.3:a:aedes_project:aedes:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aedes_project	aedes	*	cpe:2.3:a:aedes_project:aedes::::::::

References

github.com/advisories/GHSA-gh78-48h3-frjq

github.com/moscajs/aedes/commit/8d34ee5819cfc983d57e49b45d8c5ef70a76d79b

github.com/moscajs/aedes/pull/493

nvd.nist.gov/vuln/detail/CVE-2020-13410

payatu.com/advisory/dos-in-aedes-mqtt-broker

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.0%

JSON

Related for GHSA-GH78-48H3-FRJQ