3 matches found
CVE-2017-2895
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...
CVE-2017-2895
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...
CVE-2017-2895
CVE-2017-2895 affects the MQTT SUBSCRIBE packet parsing in Cesanta Mongoose 6.8. The root cause is a missing bounds check on the topic length (topic->len, read from the packet) before it is used to locate the QoS byte, enabling an out-of-bounds read from the message payload. This ...