PT-2019-4894 · Eclipse · Eclipse Mosquitto
Roger Light · Published 2019-09-19 · Updated 2024-08-09
CVE-2019-11779
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Eclipse Mosquitto versions 1.5.0 through 1.6.5
Description
The issue stems from insufficient checking for exceptional conditions and can be exploited by a remote, authenticated attacker to cause a denial of service. A malicious MQTT client sends a SUBSCRIBE packet whose topic contains approximately 65400 or more '/' characters; processing that topic recurses without bound and the broker crashes with a stack overflow.
Recommendations
For Eclipse Mosquitto versions 1.5.0 through 1.6.5, consider restricting the length of topics in SUBSCRIBE packets to prevent stack overflows until a patch is available.
As a temporary workaround, restrict access to the SUBSCRIBE functionality to minimize the risk of exploitation.
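The recommendation above amounts to a length check applied to every topic filter before the broker's subscription code touches it. The following Python snippet is an added example of such a pre-check and is not code from Eclipse Mosquitto or from the advisory's author: it parses the variable header and payload of an MQTT 3.1.1 SUBSCRIBE packet, counts the '/'-separated levels of each topic filter, and rejects filters that exceed a configurable limit. The limit value (256 levels), the function names and the sample packet are assumptions constructed for the example; the advisory itself only states that roughly 65400 separators triggered the crash.

```python
import struct

# Hypothetical policy value for this example. The advisory reports the
# crash at ~65400 '/' characters; real topic hierarchies are a few levels
# deep, so a limit in the hundreds leaves ample headroom.
MAX_TOPIC_LEVELS = 256
MAX_TOPIC_BYTES = 65535  # MQTT encodes string length in 16 bits


def topic_level_count(topic_filter: str) -> int:
    """Number of '/'-separated levels in a topic filter ('a/b/c' -> 3)."""
    return topic_filter.count("/") + 1


def check_topic_filter(topic_filter: str, max_levels: int = MAX_TOPIC_LEVELS) -> bool:
    """Return True if the filter is acceptable: non-empty, within the wire
    length limit, free of NUL bytes, and not deeper than max_levels."""
    if not topic_filter or "\x00" in topic_filter:
        return False
    if len(topic_filter.encode("utf-8")) > MAX_TOPIC_BYTES:
        return False
    return topic_level_count(topic_filter) <= max_levels


def parse_subscribe_payload(payload: bytes):
    """Parse the variable header + payload of an MQTT 3.1.1 SUBSCRIBE packet
    (fixed header already stripped). Returns (packet_id, [(filter, qos), ...]);
    raises ValueError on malformed input instead of trusting the client."""
    if len(payload) < 2:
        raise ValueError("missing packet identifier")
    (packet_id,) = struct.unpack("!H", payload[:2])
    pos = 2
    subs = []
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated topic length")
        (n,) = struct.unpack("!H", payload[pos:pos + 2])
        pos += 2
        if pos + n + 1 > len(payload):
            raise ValueError("truncated topic filter")
        topic = payload[pos:pos + n].decode("utf-8")
        pos += n
        qos = payload[pos]
        pos += 1
        if qos > 2:
            raise ValueError("invalid requested QoS")
        subs.append((topic, qos))
    if not subs:
        raise ValueError("SUBSCRIBE carries no topic filters")
    return packet_id, subs


def filter_subscribe(payload: bytes, max_levels: int = MAX_TOPIC_LEVELS):
    """Split a SUBSCRIBE packet's filters into (accepted, rejected) lists.
    Rejected filters should never be handed to the subscription tree."""
    _, subs = parse_subscribe_payload(payload)
    accepted, rejected = [], []
    for topic, _qos in subs:
        (accepted if check_topic_filter(topic, max_levels) else rejected).append(topic)
    return accepted, rejected


def build_subscribe_payload(packet_id: int, subs) -> bytes:
    """Helper to construct a SUBSCRIBE payload for local testing."""
    out = struct.pack("!H", packet_id)
    for topic, qos in subs:
        encoded = topic.encode("utf-8")
        out += struct.pack("!H", len(encoded)) + encoded + bytes([qos])
    return out


# Constructed sample: one ordinary filter and one filter made only of
# separators, far deeper than any legitimate topic hierarchy.
SAMPLE_PAYLOAD = build_subscribe_payload(
    1, [("sensors/+/temperature", 1), ("/" * 1000, 0)]
)

if __name__ == "__main__":
    ok, bad = filter_subscribe(SAMPLE_PAYLOAD)
    print("accepted:", ok)
    print("rejected:", [f"{len(t)} chars, {topic_level_count(t)} levels" for t in bad])
```

Applying the check to the SUBSCRIBE payload before any per-level processing keeps the depth bound independent of how the subscription tree is implemented; the same count can also be logged as a detection signal, since a filter with hundreds of separators has no legitimate use.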
Fix
Improper Check for Exceptional Conditions
Uncontrolled Recursion
Found a problem in the description? Have something to add? Feel free to write to us 👾
Related identifiers
Affected products
Alt Linux
Eclipse Mosquitto
Suse
Ubuntu