Описание
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:riot-os:riot:2019.07:-:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00296
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
github
больше 3 лет назад
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.
EPSS
Процентиль: 53%
0.00296
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
NVD-CWE-noinfo