PT-2019-12495 · Eclipse+1 · Eclipse Mosquitto+1

Roger Light · Published 2019-09-18 · Updated 2024-08-09 · CVE-2019-11778

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Eclipse Mosquitto versions 1.6.0 through 1.6.4

Description

A use after free error occurs when an MQTT v5 client connects to the affected Eclipse Mosquitto versions, sets a last will and testament, a will delay interval, and a session expiry interval, where the will delay interval is longer than the session expiry interval. This error has the potential to cause a crash in certain situations.

Recommendations

For Eclipse Mosquitto versions 1.6.0 through 1.6.4, ensure that the will delay interval is not set longer than the session expiry interval to prevent the use after free error. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
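
One way to apply that check to captured traffic, as an added example that is not part of the original advisory or of Mosquitto's code: a Python parser that reads an MQTT v5 CONNECT packet and reports whether it sets both intervals with the will delay interval longer than the session expiry interval. The function names and the two sample packets are constructed for illustration; the property identifiers (0x11 session expiry, 0x18 will delay) and the packet layout are those of the MQTT v5 specification.

```python
import struct

# Property id -> integer width in bytes (FIXED) or number of length-prefixed fields (PREFIXED).
FIXED = {0x01: 1, 0x02: 4, 0x11: 4, 0x17: 1, 0x18: 4, 0x19: 1, 0x21: 2, 0x22: 2, 0x27: 4}
PREFIXED = {0x03: 1, 0x08: 1, 0x09: 1, 0x15: 1, 0x16: 1, 0x26: 2}
SESSION_EXPIRY, WILL_DELAY = 0x11, 0x18

def varint(buf, pos):  # MQTT variable byte integer, at most 4 bytes
    value = 0
    for shift in (0, 7, 14, 21):
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("malformed variable byte integer")

def skip_field(buf, pos):  # step over one 2-byte-length-prefixed string or binary field
    return pos + 2 + struct.unpack_from(">H", buf, pos)[0]

def properties(buf, pos):
    """Parse a property block; return ({id: int} for integer properties, end offset)."""
    length, pos = varint(buf, pos)
    end, found = pos + length, {}
    while pos < end:
        pid, pos = buf[pos], pos + 1
        if pid in FIXED:
            found[pid] = int.from_bytes(buf[pos:pos + FIXED[pid]], "big")
            pos += FIXED[pid]
        elif pid in PREFIXED:
            for _ in range(PREFIXED[pid]):
                pos = skip_field(buf, pos)
        else:
            raise ValueError(f"unexpected property 0x{pid:02x}")
    return found, end

def will_delay_exceeds_session_expiry(packet):
    """True if a v5 CONNECT with a will sets both intervals and will delay > session expiry."""
    if packet[0] != 0x10:                            # not a CONNECT packet
        return False
    _, pos = varint(packet, 1)                       # remaining length
    pos = skip_field(packet, pos)                    # protocol name
    if packet[pos] != 5 or not packet[pos + 1] & 0x04:   # MQTT v5 with Will Flag only
        return False
    conn, pos = properties(packet, pos + 4)          # past version, flags, keep alive
    will, _ = properties(packet, skip_field(packet, pos))  # will properties follow client id
    return SESSION_EXPIRY in conn and WILL_DELAY in will and will[WILL_DELAY] > conn[SESSION_EXPIRY]

# Constructed sample packets: session expiry 10 s, will delay 30 s (RISKY) or 5 s (BENIGN).
RISKY = bytes.fromhex("102000044d5154540506003c05110000000a0002633105180000001e000174000178")
BENIGN = bytes.fromhex("102000044d5154540506003c05110000000a00026331051800000005000174000178")
```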

Use After Free

Weakness Enumeration

Related identifiers

ALT-PU-2020-3477
ALT-PU-2020-3496
ALT-PU-2024-10879
CVE-2019-11778
OPENSUSE-SU-2024:11057-1

Affected products

Alt Linux
Eclipse Mosquitto