Lucene search
K

11 matches found

EUVD
EUVD
added 2026/06/14 5:26 p.m.13 views

EUVD-2026-36663

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS5.6AI score0.00407EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/01/13 7:12 a.m.15 views

curl: integer Overflow in MQTT Protocol Handling Allows Bypassing Message Size Limit

Summary: A logic error involving an integer overflow specifically, an unsigned integer underflow exists in the lib/mqtt.c file within the mqttpublish function. This vulnerability allows an attacker or a malicious user configuration to bypass the explicit MAXMQTTMESSAGESIZE check. The vulnerabilit...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2025/10/23 10:29 a.m.11 views

curl: libcurl MQTT PUBLISH length overflow (heap overflow)

Summary: Heap-based buffer overflow in libcurl’s MQTT PUBLISH assembly lib/mqtt.c::mqttpublish due to unchecked sizet arithmetic when computing the MQTT “Remaining Length”. If payloadlen + 2 + topiclen wraps sizet, libcurl allocates a too-small buffer and then memcpy’s payloadlen bytes into it,...

7.5AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-9361

Malware in sbrugna...

8.8CVSS8.8AI score0.09258EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.8 views

CVE-2019-13120

Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which...

7.5CVSS7AI score0.0119EPSS
Exploits0References1
OSV
OSV
added 2023/08/09 5:15 a.m.6 views

DEBIAN-CVE-2023-2905

Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...

8.8CVSS6.9AI score0.01014EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2023/08/09 4:46 a.m.6 views

CVE-2023-2905

Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...

8.8CVSS6.9AI score0.01014EPSS
Exploits1
OSV
OSV
added 2019/10/07 10:15 p.m.17 views

CVE-2019-13120

Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which...

7.5CVSS6.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/07 12:0 a.m.8 views

PT-2019-13136 · Amazon · Amazon Freertos

Name of the Vulnerable Software and Affected Versions: Amazon FreeRTOS versions up to and including 1.4.8 Description: The issue is related to a lack of length checking in the prvProcessReceivedPublish function, which can lead to the untargetable leakage of arbitrary memory contents on a device t...

7.5CVSS7.3AI score0.0119EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/11/13 9:0 p.m.22 views

CVE-2018-17614

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from...

8.8AI score0.09258EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2018/11/02 12:0 a.m.28 views

Losant Arduino MQTT Client Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of...

5.4CVSS5AI score0.09258EPSS
Exploits0References1
Rows per page
Query Builder