6 matches found
curl: MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate
Summary: In lib/mqtt.c, the state machine in mqttdoing lines 894-911 in curl 8.20.0 does not validate that PINGRESP 0xD0 and DISCONNECT 0xE0 packets have remaininglength == 0 as required by MQTT 3.1.1 spec sections 3.13.1 and 3.14.1. A malicious broker can send a PINGRESP fixed header with non-ze...
EUVD-2008-6697
Malware in sbrugna...
PT-2024-38981
Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions up to 2.0.18a Description: The issue allows an attacker to cause memory leaking, segmentation fault, or heap-use-after-free by sending specific sequences of packets, including "CONNECT", "DISCONNECT", "SUBSCRIBE",...
PT-2024-13889
Name of the Vulnerable Software and Affected Versions eProsima Fast DDS versions prior to 2.13.0 eProsima Fast DDS versions prior to 2.12.2 eProsima Fast DDS versions prior to 2.11.3 eProsima Fast DDS versions prior to 2.10.3 eProsima Fast DDS versions prior to 2.6.7 Description A vulnerability h...
Fedora 31 : mosquitto (2019-4c69fb4cd7)
1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquittomaxinflightmessagesset and mosquittointoption..., MOSQOPTMAX,...
CVE-2008-6737
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information...