5 matches found
Eclipse Mosquitto Denial Of Service (CVE-2019-11779)
A stack overflow exists in Eclipse Mosquitto. The vulnerability is due to insufficient handling of the Topic in MQTT SUBSCRIBE messages. A remote attacker can exploit this vulnerability by sending a crafted MQTT SUBSCRIBE message with a large number of topic hierarchy separators in the topic...
Fedora 29 : mosquitto (2019-d99e2329cb)
1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquittomaxinflightmessagesset and mosquittointoption..., MOSQOPTMAX,...
Fedora 31 : mosquitto (2019-4c69fb4cd7)
1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquittomaxinflightmessagesset and mosquittointoption..., MOSQOPTMAX,...
CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...
Stack overflow
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...