19 matches found
BELL-CVE-2019-11779 CVE-2019-11779 does not affect BellSoft software
Bulletin has no description...
Mageia: Security Advisory (MGASA-2019-0345)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Eclipse Mosquitto Denial Of Service (CVE-2019-11779)
A stack overflow exists in Eclipse Mosquitto. The vulnerability is due to insufficient handling of the Topic in MQTT SUBSCRIBE messages. A remote attacker can exploit this vulnerability by sending a crafted MQTT SUBSCRIBE message with a large number of topic hierarchy separators in the topic...
openSUSE: Security Advisory for mosquitto (openSUSE-SU-2019:2206-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Updated mosquitto packages fix security vulnerability
Updated mosquitto packages fix security vulnerability: A vulnerability was discovered in mosquitto, allowing a malicious MQTT client to cause a denial of service stack overflow and daemon crash, by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy...
Debian DSA-4570-1 : mosquitto - security update
A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service stack overflow and daemon crash, by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy. C...
[SECURITY] [DSA 4570-1] mosquitto security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4570-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2019 https://www.debian.org/security/faq -...
Debian: Security Advisory (DLA-1972-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1972-1] mosquitto security update
Package : mosquitto Version : 1.3.4-2+deb8u4 CVE ID : CVE-2017-7655 CVE-2018-12550 CVE-2018-12551 CVE-2019-11779 Several issues have been found in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker. CVE-2017-7655 A Null dereference vulnerability in the Mosquitto library could lead to...
Fedora 29 : mosquitto (2019-d99e2329cb)
1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquittomaxinflightmessagesset and mosquittointoption..., MOSQOPTMAX,...
Fedora 31 : mosquitto (2019-4c69fb4cd7)
1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquittomaxinflightmessagesset and mosquittointoption..., MOSQOPTMAX,...
Fedora Update for mosquitto FEDORA-2019-d99e2329cb
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2019:2247-1 Security update for mosquitto
This update for mosquitto fixes the following issues: - CVE-2019-11779: Fixed insufficient parsing of SUBSCRIBE packets that could lead to a stack overflow bsc1151494. This update was imported from the openSUSE:Leap:15.1:Update update project...
openSUSE Security Update : mosquitto (openSUSE-2019-2206)
This update for mosquitto fixes the following issues : - CVE-2019-11779: Fixed insufficient parsing of SUBSCRIBE packets that could lead to a stack overflow bsc1151494. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
OPENSUSE-SU-2019:2206-1 Security update for mosquitto
This update for mosquitto fixes the following issues: - CVE-2019-11779: Fixed insufficient parsing of SUBSCRIBE packets that could lead to a stack overflow bsc1151494...
CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...
CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...
CVE-2019-11779
CVE-2019-11779 affects Eclipse Mosquitto versions 1.5.0–1.6.5 (inclusive). A crafted MQTT SUBSCRIBE packet with a topic containing about 65,400 or more '/' characters can trigger a stack overflow in the broker, causing a denial of service. Public references show that the root cause is handling of...
CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...