Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/04/09 6:31 p.m.9 views

Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References5Affected Software3
Cvelist
Cvelist
added 2026/03/30 8:11 p.m.20 views

CVE-2026-25627 nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...

6.5CVSS0.00472EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.3 views

PT-2026-31651

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions 6.0.0 through 6.1.8, 6.2.0, and prior to 5.19.2 Description An integer overflow or wraparound issue exists in Apache ActiveMQ when decoding malformed packets. This occurs due to improper validation of the remaining...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References32
Hacker One
Hacker One
added 2026/01/06 8:51 a.m.14 views

curl: MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait

Curl's MQTT implementation accepts any valid Remaining Length advertised by the server without an explicit upper bound beyond the MQTT spec maximum of 268,435,455 bytes. A malicious server can send a PUBLISH packet claiming this maximum size but provide only minimal payload, causing curl to wait...

6.8AI score
Exploits0
Rows per page
Query Builder