Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11778

Опубликовано: 18 сент. 2019
Источник: debian
EPSS Низкий

Описание

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mosquittofixed1.6.6-1package
mosquittonot-affectedbusterpackage
mosquittonot-affectedstretchpackage
mosquittonot-affectedjessiepackage

Примечания

  • https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162

  • https://github.com/eclipse/mosquitto/issues/1401

  • https://github.com/eclipse/mosquitto/commit/8407c6d146d1e8299127737d9735afc782e04ea8

  • https://github.com/eclipse/mosquitto/commit/6f3e7b9ceb43e2626a32340c26b69ac8ae5e9c8c

  • https://mosquitto.org/blog/2019/09/version-1-6-6-released/

EPSS

Процентиль: 57%
0.00348
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-11778

CVSS3: 5.4
ubuntu
больше 6 лет назад

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

nvd логотип

CVE-2019-11778

CVSS3: 5.4
nvd
больше 6 лет назад

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

github логотип

GHSA-rr62-j9x2-468p

CVSS3: 5.4
github
больше 3 лет назад

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

EPSS

Процентиль: 57%
0.00348
Низкий