PT-2018-10699 · Npm · Mosca

Davide Quarta +3 · Published 2018-06-13 · Updated 2019-10-09 · CVE-2018-11615

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

npm mosca version 2.8.1

Description

This issue allows remote attackers to deny service on vulnerable installations. Authentication is not required to exploit this issue. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash, allowing an attacker to deny access to the target system.

Recommendations

For npm mosca version 2.8.1, update to a version that fixes the regular expression parsing issue to prevent denial-of-service attacks. As a temporary workaround, consider restricting access to the topic processing functionality until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2018-11615
GHSA-WQG7-VRJ7-V82H
ZDI-18-583

Affected Products

Mosca