Cesanta · Mongoose · CVE-2019-19307
**Name of the Vulnerable Software and Affected Versions**
Cesanta Mongoose version 6.16
**Description**
The issue is an integer overflow in the `parse_mqtt` function in `mongoose.c`, which can be triggered by sending a crafted MQTT protocol packet. It can lead to a remote Denial of Service (DoS) in the form of an infinite loop, or potentially to an out-of-bounds write.
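As an added illustration of the bug class the description names (this is editorial example code, not code from this page or from the Mongoose project), the following C decoder for the MQTT fixed-header "remaining length" field and for a length-prefixed variable-header field shows the bounds a parser has to enforce so that attacker-controlled length bytes can neither wrap an integer, spin the parse loop indefinitely, nor index past the received buffer. The function names, the sample packet bytes and the helper layout are the editor's assumptions; the encoding rules (at most four 7-bit continuation bytes for the remaining length, a 2-byte big-endian length prefix for string fields) follow MQTT 3.1.1 rather than Mongoose's own parser.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Largest value an MQTT variable-byte integer can encode: 4 bytes of 7 bits. */
#define MQTT_MAX_REMAINING_LEN 268435455u

/* Decode the "remaining length" that follows the first fixed-header byte.
 * Returns the number of bytes consumed (1..4), 0 if the buffer ends before the
 * field is complete, or -1 if a fifth continuation byte appears (malformed).
 * The loop is bounded by 4 regardless of input and the accumulator cannot
 * exceed MQTT_MAX_REMAINING_LEN, so neither an infinite loop nor an integer
 * overflow is reachable from attacker-controlled bytes. */
int decode_remaining_length(const uint8_t *buf, size_t len, uint32_t *out) {
  uint32_t value = 0, multiplier = 1;
  size_t i;
  for (i = 0; i < 4; i++) {
    if (i >= len) return 0;            /* truncated: ask for more data, do not spin */
    value += (uint32_t)(buf[i] & 0x7F) * multiplier;
    if ((buf[i] & 0x80) == 0) {
      *out = value;
      return (int)(i + 1);
    }
    multiplier *= 128;
  }
  return -1;                           /* more than 4 bytes is invalid per spec */
}

/* Check whether buf holds one complete MQTT control packet.
 * Returns 1 and sets *frame_len when it does, 0 if more bytes are needed,
 * -1 if the header is malformed. The declared remaining length is compared
 * against the bytes actually present before anything else is parsed. */
int mqtt_frame_complete(const uint8_t *buf, size_t len, size_t *frame_len) {
  uint32_t remaining;
  int hdr;
  if (len < 1) return 0;
  hdr = decode_remaining_length(buf + 1, len - 1, &remaining);
  if (hdr < 0) return -1;
  if (hdr == 0) return 0;
  /* remaining <= 2^28 - 1 and hdr <= 4, so this arithmetic cannot wrap size_t. */
  if (remaining > len - 1 - (size_t)hdr) return 0;
  *frame_len = 1 + (size_t)hdr + remaining;
  return 1;
}

/* Read a length-prefixed field (2-byte big-endian length, then the bytes) from
 * a variable header. Returns bytes consumed, or -1 if the declared length runs
 * past the available data; a caller must never copy or index on -1. */
int mqtt_read_field(const uint8_t *p, size_t avail, const uint8_t **data, uint16_t *dlen) {
  uint16_t n;
  if (avail < 2) return -1;
  n = (uint16_t)((p[0] << 8) | p[1]);
  if (n > avail - 2) return -1;        /* length claims more than was received */
  *data = p + 2;
  *dlen = n;
  return 2 + (int)n;
}

int main(void) {
  /* Constructed sample (not a real capture): a CONNECT-type header declaring
   * remaining length 2, followed by a field that claims 1000 bytes it does
   * not carry. The frame check passes; the field read is rejected. */
  const uint8_t pkt[] = {0x10, 0x02, 0x03, 0xE8};
  size_t frame = 0;
  const uint8_t *d;
  uint16_t dl;
  int r = mqtt_frame_complete(pkt, sizeof pkt, &frame);
  printf("frame complete: %d (len %zu)\n", r, frame);
  printf("field read: %d\n", mqtt_read_field(pkt + 2, frame - 2, &d, &dl));
  return 0;
}
```

The two checks that matter are the fixed iteration bound in `decode_remaining_length` and the comparison of every declared length against the bytes actually available before that length is used as an offset or copy size; a parser that skips either is exactly where a crafted length field turns into a hang or a write outside the buffer.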
**Recommendations**
For Cesanta Mongoose version 6.16, consider disabling the `parse_mqtt` function in `mongoose.c` to prevent exploitation until a patch is available. Restrict access to MQTT protocol packet handling to minimize the risk of remote DoS or an out-of-bounds write. At the moment, there is no information about a newer version that contains a fix for this vulnerability.