16 matches found
ROOT-APP-GOBINARY-CVE-2025-10543 CVE-2025-10543 in rootio-github.com/eclipse/paho.mqtt.golang - Patched by Root
Root has patched CVE-2025-10543 in the rootio-github.com/eclipse/paho.mqtt.golang package for Root:Go. Multiple fixed versions available...
Improper Input Validation
github.com/eclipse/paho.mqtt.golang is vulnerable to improper input validation. The vulnerability is due to unsafe conversion of string length from int32/int64 to int16 without overflow checks, which allows an attacker to craft oversized UTF-8 inputs that cause packet corruption or unintended dat...
SUSE CVE-2025-10543
In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server; for example, part of an MQTT topic may leak into...
Linux Distros Unpatched Vulnerability : CVE-2025-10543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length...
ROS-20251203-19
A vulnerability in Rubygem MQTT, the Ruby programming language library that implements the MQTT protocol, is related to the lack of hostname validation. Exploitation of the vulnerability could allow a remote attacker to perform a man-in-the-middle attack...
AZL-71299 CVE-2025-10543 affecting package influxdb for versions less than 2.6.1-27
In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server; for example, part of an MQTT topic may leak into...
CVE-2025-10543
CVE-2025-10543 affects Eclipse Paho Go MQTT library paho.mqtt.golang
CVE-2025-10543
In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server; for example, part of an MQTT topic may leak into...
PT-2025-48653
Name of the Vulnerable Software and Affected Versions: Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions 1.5.0 and earlier. Description: The Eclipse Paho Go MQTT v3.1 library is susceptible to an issue where UTF-8 encoded strings exceeding 65535 bytes in length may be incorrectly encoded...
EUVD-2019-7630
Malware in sbrugna...
ARM Mbed OS MQTT library denial of service vulnerability
ARM Mbed OS is a set of open source embedded operating systems for the Internet of Things from ARM, U.K. The MQTT library is one of the MQTT (Message Queuing Telemetry Transport) protocol libraries. A denial of service vulnerability exists in the MQTT library in Arm Mbed OS version...
CVE-2019-17210
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString is called by the function MQTTDeserialize_publish to get the length and content of the MQTT topic name. In the function readMQTTLenString, mqttstring->lenstring.len is a part of us...
CVE-2019-17210
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString is called by the function MQTTDeserialize_publish to get the length and content of the MQTT topic name. In the function readMQTTLenString, mqttstring->lenstring.len is a part of us...
Design/Logic Flaw
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString is called by the function MQTTDeserialize_publish to get the length and content of the MQTT topic name. In the function readMQTTLenString, mqttstring->lenstring.len is a part of us...
CVE-2019-17210
In Arm Mbed OS (2017-11-02) the MQTT library is affected by a denial-of-service vulnerability. The root cause is readMQTTLenString() using mqttstring->lenstring.len (user-controlled) to influence control flow in MQTTDeserialize_publish(). If an attacker enlarges len, the if-statement is skippe...
CVE-2019-17210
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString is called by the function MQTTDeserialize_publish to get the length and content of the MQTT topic name. In the function readMQTTLenString, mqttstring->lenstring.len is a part of us...