Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11779

Опубликовано: 19 сент. 2019
Источник: debian

Описание

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mosquittofixed1.6.6-1package
mosquittonot-affectedstretchpackage

Примечания

  • https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160

  • https://github.com/eclipse/mosquitto/issues/1412

  • Introduced by: https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566 (v1.5)

  • Fixed by: https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652 (1.6.6)

  • Fixed by: https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14 (1.5.9)

  • https://mosquitto.org/blog/2019/09/version-1-6-6-released/

  • The issue manifests in versions 1.5.0 and onwards only, because some structs

  • increased in size enough to cause the stack overflow vulnerability for excessive

  • topic hierarchies. In earlier versions, the maximum possible hierarchy depth of

  • 65535 wouldn't cause a stack overflow.

Связанные уязвимости

ubuntu логотип

CVE-2019-11779

CVSS3: 6.5
ubuntu
больше 6 лет назад

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

nvd логотип

CVE-2019-11779

CVSS3: 6.5
nvd
больше 6 лет назад

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

suse-cvrf логотип

openSUSE-SU-2019:2206-1

suse-cvrf
больше 6 лет назад

Security update for mosquitto

github логотип

GHSA-wjwr-9f4q-q8h8

github
больше 3 лет назад

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

fstec логотип

BDU:2020-01486

CVSS3: 6.5
fstec
больше 6 лет назад

Уязвимость брокера сообщений Eclipse Mosquitto, связанная с недостаточной проверкой исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании