CVE-2016-10523

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.

Ссылки

https://github.com/mcollina/mosca/issues/393
Exploit
Third Party Advisory
https://github.com/mqttjs/mqtt-packet/pull/8
Exploit
Third Party Advisory
https://nodesecurity.io/advisories/75
Third Party Advisory
https://github.com/mcollina/mosca/issues/393
Exploit
Third Party Advisory
https://github.com/mqttjs/mqtt-packet/pull/8
Exploit
Third Party Advisory
https://nodesecurity.io/advisories/75
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mqtt-packet_project:mqtt-packet:*:*:*:*:*:node.js:*:*

Версия до 3.4.6 (исключая)

cpe:2.3:a:mqtt-packet_project:mqtt-packet:*:*:*:*:*:node.js:*:*

Версия от 4.0.0 (включая) до 4.0.5 (исключая)

EPSS

Процентиль: 59%

0.00377

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-119

Связанные уязвимости

CVE-2016-10523

CVSS3: 7.5

ubuntu

больше 7 лет назад

MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.

CVE-2016-10523

CVSS3: 7.5

debian

больше 7 лет назад

MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted M ...

GHSA-g3r2-65gc-qpqc

github

почти 7 лет назад

Denial of Service in mqtt-packet

EPSS

Процентиль: 59%

0.00377

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-119