CVE-2019-16754

Name of the Vulnerable Software and Affected Versions RIOT version 2019.07

Description The issue is related to a NULL pointer dereference in the MQTT-SN implementation. An attacker could potentially crash a network node running the affected software by spoofing an MQTT server response. This would require knowledge of the MQTT MsgID of a pending MQTT protocol message, the ephemeral port used by the MQTT implementation, and the server IP address.

Recommendations For RIOT version 2019.07, consider restricting access to the network to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the MQTT-SN implementation in critical applications.