PT-2024-26516 · Cesanta · Mongoose

Published: 2024-05-29 · Updated: 2024-08-20 · CVE-2024-35492

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cesanta Mongoose version b316989

Description

The issue is related to a NULL pointer dereference via the scpy function at src/fmt.c. This allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.

Recommendations

For version b316989, consider disabling the scpy function at src/fmt.c as a temporary workaround to minimize the risk of exploitation. Restrict access to the src/fmt.c module to minimize the risk of Denial of Service (DoS) attacks via crafted MQTT packets.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2024-35492

Affected Products

Mongoose