PT-2019-12495 · Eclipse+1 · Eclipse Mosquitto+1
Roger Light · Published 2019-09-18 · Updated 2024-08-09 · CVE-2019-11778
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Eclipse Mosquitto versions 1.6.0 through 1.6.4
Description
A use after free error occurs when an MQTT v5 client connects to the affected Eclipse Mosquitto versions, sets a last will and testament, a will delay interval, and a session expiry interval, where the will delay interval is longer than the session expiry interval. This error has the potential to cause a crash in certain situations.
Recommendations
For Eclipse Mosquitto versions 1.6.0 through 1.6.4, ensure that the will delay interval is not set longer than the session expiry interval to prevent the use after free error.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
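The condition named in the description can be checked on the wire. The following is an added example, not code from Eclipse Mosquitto or from this advisory: it parses an MQTT v5 CONNECT packet and reports whether the will delay interval exceeds the session expiry interval. The function names are hypothetical, the property identifiers are those of the MQTT v5 specification, and the sample packet is constructed.

```python
# MQTT v5 property id -> byte width of its fixed-size integer value.
FIXED = {0x11: 4, 0x21: 2, 0x27: 4, 0x22: 2, 0x19: 1, 0x17: 1, 0x18: 4, 0x01: 1, 0x02: 4}
# Property id -> number of 2-byte-length-prefixed fields that follow it.
PREFIXED = {0x15: 1, 0x16: 1, 0x03: 1, 0x08: 1, 0x09: 1, 0x26: 2}
SESSION_EXPIRY, WILL_DELAY = 0x11, 0x18

def varint(buf, pos):  # MQTT variable byte integer -> (value, next position)
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def read_props(buf, pos):
    """Return ({id: value} for integer properties, position after the block)."""
    length, pos = varint(buf, pos)
    end, found = pos + length, {}
    while pos < end:
        pid, pos = buf[pos], pos + 1  # every id used in CONNECT fits in one byte
        if pid in FIXED:
            found[pid] = int.from_bytes(buf[pos:pos + FIXED[pid]], "big")
            pos += FIXED[pid]
        elif pid in PREFIXED:
            for _ in range(PREFIXED[pid]):
                pos += 2 + int.from_bytes(buf[pos:pos + 2], "big")
        else:
            raise ValueError(f"unknown property 0x{pid:02x}")
    return found, end

def will_outlives_session(packet):
    """True if a v5 CONNECT sets will delay interval > session expiry interval."""
    if packet[0] >> 4 != 1:                     # not a CONNECT packet
        return False
    _, pos = varint(packet, 1)                  # skip remaining length
    pos += 2 + int.from_bytes(packet[pos:pos + 2], "big")  # protocol name
    if packet[pos] != 5 or not packet[pos + 1] & 0x04:     # not v5, or no will
        return False
    conn, pos = read_props(packet, pos + 4)     # skip level, flags, keep alive
    pos += 2 + int.from_bytes(packet[pos:pos + 2], "big")  # client id
    will, _ = read_props(packet, pos)
    return will.get(WILL_DELAY, 0) > conn.get(SESSION_EXPIRY, 0)

def sample_connect(session_expiry, will_delay):
    """Constructed sample: client id 'c1', will topic 't', will payload 'x'."""
    body = (b"\x00\x04MQTT\x05\x06\x00\x3c"
            + b"\x05\x11" + session_expiry.to_bytes(4, "big") + b"\x00\x02c1"
            + b"\x05\x18" + will_delay.to_bytes(4, "big") + b"\x00\x01t\x00\x01x")
    return bytes([0x10, len(body)]) + body
```

Both intervals default to 0 when the property is absent, which is how the check treats a missing value.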
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Eclipse Mosquitto