CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

SUSE CVE-2021-34432

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0...

OESA-2022-2053 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

ALPINE-CVE-2021-34432

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0...

DEBIAN-CVE-2021-34432

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0...

UBUNTU-CVE-2021-34432

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0...