PT-2019-17664 · Mqtt Packet · Mqtt-Packet

Lxndr

Published

2019-05-06

Updated

2021-11-03

CVE-2019-5432

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions mqtt-packet module versions 3.5.0 and earlier mqtt-packet module versions 4.0.0 through 4.1.3 mqtt-packet module versions 5.0.0 through 5.6.1 mqtt-packet module versions 6.0.0 through 6.1.2

Description A specifically malformed MQTT Subscribe packet can cause MQTT Brokers using the mqtt-packet module to crash due to an issue with decoding.

Recommendations For versions 3.5.0 and earlier, update to version 3.5.1 or later. For versions 4.0.0 through 4.1.3, update to version 4.1.4 or later. For versions 5.0.0 through 5.6.1, update to version 5.6.2 or later. For versions 6.0.0 through 6.1.2, update to version 6.1.3 or later.

Exploit

Fix

Buffer Over-read

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126CWE-125

Related Identifiers

CVE-2019-5432

GHSA-WV67-9JQ7-8R69

Affected Products

Mqtt-Packet

PT-2019-17664 · Mqtt Packet · Mqtt-Packet

CVE-2019-5432

Weakness Enumeration

Related Identifiers

Affected Products

References · 9