PT-2019-4894 · Eclipse · Eclipse Mosquitto

Roger Light · Published 2019-09-19 · Updated 2024-08-09 · CVE-2019-11779

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions 1.5.0 through 1.6.5

Description: The issue stems from insufficient checking of exceptional conditions and can be exploited by a remote attacker to cause a denial of service. A malicious MQTT client sends a SUBSCRIBE packet whose topic contains approximately 65400 or more '/' characters; processing the deeply nested topic leads to a stack overflow in the broker.

Recommendations: For Eclipse Mosquitto versions 1.5.0 through 1.6.5, restrict the length of topics in SUBSCRIBE packets to prevent stack overflows until a patch is available. As a temporary workaround, restrict access to the SUBSCRIBE functionality to minimize the risk of exploitation.
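One way to apply the recommended restriction in front of an unpatched broker is to parse each SUBSCRIBE packet and reject topic filters with too many '/'-separated levels before they reach the broker. This is an added example, not code from the page or from Mosquitto; the MQTT 3.1.1 SUBSCRIBE layout is the real wire format, while the 32-level limit, the `build_subscribe` helper and the sample filters are constructed assumptions.

```python
import struct

MAX_TOPIC_LEVELS = 32  # assumed policy limit, far below the ~65400 that triggers the crash


def parse_remaining_length(buf, pos):
    """Decode the MQTT variable-length 'remaining length' field (1 to 4 bytes)."""
    value, mult = 0, 1
    for _ in range(4):
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * mult
        if not byte & 0x80:
            return value, pos
        mult *= 128
    raise ValueError("malformed remaining length")


def subscribe_topic_filters(packet):
    """Return the list of topic filters carried by an MQTT 3.1.1 SUBSCRIBE packet."""
    if packet[0] >> 4 != 8:
        raise ValueError("not a SUBSCRIBE packet")
    length, pos = parse_remaining_length(packet, 1)
    end = pos + length
    if end != len(packet):
        raise ValueError("remaining length does not match packet size")
    pos += 2  # packet identifier
    filters = []
    while pos < end:
        (n,) = struct.unpack_from("!H", packet, pos)  # UTF-8 string length prefix
        pos += 2
        filters.append(packet[pos:pos + n].decode("utf-8"))
        pos += n + 1  # skip the topic bytes and the requested-QoS byte
    return filters


def check_subscribe(packet, max_levels=MAX_TOPIC_LEVELS):
    """Return (ok, reason); reject any filter whose level count exceeds the limit."""
    for topic in subscribe_topic_filters(packet):
        levels = topic.count("/") + 1
        if levels > max_levels:
            return False, f"topic filter has {levels} levels (limit {max_levels})"
    return True, "ok"


def build_subscribe(topic_filters, packet_id=1):
    """Constructed SUBSCRIBE packet builder, used only to produce sample input here."""
    payload = struct.pack("!H", packet_id)
    for topic in topic_filters:
        enc = topic.encode("utf-8")
        payload += struct.pack("!H", len(enc)) + enc + b"\x00"  # QoS 0
    rl, n = b"", len(payload)
    while True:  # encode remaining length as a varint
        byte, n = n % 128, n // 128
        rl += bytes([byte | 0x80 if n else byte])
        if not n:
            return b"\x82" + rl + payload
```

Topic filters are limited to 65535 bytes by the length prefix, so a single filter can carry the number of '/' characters described above; counting levels before the broker walks the subscription tree keeps that input out of the recursive path.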

Fix

Weakness Enumeration

Improper Check for Exceptional Conditions
Uncontrolled Recursion

Related Identifiers

ALT-PU-2020-3477
ALT-PU-2020-3496
ALT-PU-2024-10879
BDU:2020-01486
CVE-2019-11779
DLA-1972-1
DSA-4570-1
MGASA-2019-0345
OPENSUSE-SU-2019:2206-1
OPENSUSE-SU-2019:2247-1
OPENSUSE-SU-2019_2206-1
OPENSUSE-SU-2024:11057-1

Affected Products

Alt Linux
Eclipse Mosquitto
Suse
Ubuntu