CVE-2019-19307

Name of the Vulnerable Software and Affected Versions Cesanta Mongoose version 6.16

Description The issue is related to an integer overflow in the parse mqtt function in mongoose.c, which can be exploited by sending a crafted MQTT protocol packet. This could lead to a remote Denial of Service (DoS) in the form of an infinite loop, or potentially cause an out-of-bounds write.

Recommendations For Cesanta Mongoose version 6.16, consider disabling the parse mqtt function in mongoose.c to prevent exploitation until a patch is available. Restrict access to the MQTT protocol packet handling to minimize the risk of remote DoS or out-of-bounds write. At the moment, there is no information about a newer version that contains a fix for this vulnerability.