Lucene search

5 matches found

seebug.org
added 2017/11/08 12:0 a.m., 56 views

Cesanta Mongoose MQTT SUBSCRIBE Multiple Topics Remote Code Execution (CVE-2017-2894)

Summary An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT...

AI score: 9.9, EPSS: 0.31045
Exploits: 2

OSV
added 2017/11/07 4:29 p.m., 20 views

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet ove...

CVSS: 9.8, AI score: 7.9
Exploits: 0, References: 1

UbuntuCve
added 2017/11/07 4:29 p.m., 24 views

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet ove...

CVSS: 9.8, AI score: 7.4, EPSS: 0.31045
Exploits: 2, References: 2

CVE
added 2017/11/07 4:0 p.m., 71 views

CVE-2017-2894

CVE-2017-2894 describes an exploitable stack buffer overflow in Cesanta Mongoose 6.8, specifically in the MQTT SUBSCRIBE handling. The root cause is in mg_mqtt_broker_handle_subscribe where a fixed-size qoss buffer (512) is filled without bounds checks, allowing a SUBSCRIBE packet with many topic...

CVSS: 9.8, AI score: 9.7, EPSS: 0.31045
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2017/11/07 4:0 p.m., 25 views

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet ove...

CVSS: 9.8, AI score: 9.8, EPSS: 0.31045
Exploits: 2, References: 1