11 matches found
EUVD-2026-36663
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...
curl: integer Overflow in MQTT Protocol Handling Allows Bypassing Message Size Limit
Summary: A logic error involving an integer overflow specifically, an unsigned integer underflow exists in the lib/mqtt.c file within the mqttpublish function. This vulnerability allows an attacker or a malicious user configuration to bypass the explicit MAXMQTTMESSAGESIZE check. The vulnerabilit...
curl: libcurl MQTT PUBLISH length overflow (heap overflow)
Summary: Heap-based buffer overflow in libcurl’s MQTT PUBLISH assembly lib/mqtt.c::mqttpublish due to unchecked sizet arithmetic when computing the MQTT “Remaining Length”. If payloadlen + 2 + topiclen wraps sizet, libcurl allocates a too-small buffer and then memcpy’s payloadlen bytes into it,...
EUVD-2018-9361
Malware in sbrugna...
CVE-2019-13120
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which...
DEBIAN-CVE-2023-2905
Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...
CVE-2023-2905
Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...
CVE-2019-13120
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which...
PT-2019-13136 · Amazon · Amazon Freertos
Name of the Vulnerable Software and Affected Versions: Amazon FreeRTOS versions up to and including 1.4.8 Description: The issue is related to a lack of length checking in the prvProcessReceivedPublish function, which can lead to the untargetable leakage of arbitrary memory contents on a device t...
CVE-2018-17614
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from...
Losant Arduino MQTT Client Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of...