PT-2025-48360 · Unknown · Ais-Catcher

Published 2025-11-29 · Updated 2025-11-29 · CVE-2025-66217

CVSS v4.0: 8.8
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

AIS-catcher versions prior to 0.64

Description

AIS-catcher, a multi-platform AIS receiver, contains a flaw in its MQTT parsing logic. An integer underflow can be triggered by sending a crafted MQTT packet with a modified Topic Length field. This can cause a significant Heap Buffer Overflow, resulting in a Denial of Service (DoS). When used as a library, this can also lead to severe Memory Corruption, potentially enabling Remote Code Execution (RCE). The issue is related to the parsing of the Topic Length field within MQTT packets.

Recommendations

Update to version 0.64 or later.
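
The class of bug described above, as an added example that is not AIS-catcher's code and is not taken from the advisory: a length check for the Topic Length field of an MQTT PUBLISH body, next to the unchecked unsigned subtraction that wraps. It assumes the MQTT 3.1.1 PUBLISH layout (2-byte Topic Length, topic, 2-byte Packet Identifier when QoS > 0, then payload); all type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view type: pointers into the caller's buffer, no copies. */
struct publish_view {
    const uint8_t *topic, *payload;
    size_t topic_len, payload_len;
};

/* Unchecked arithmetic: when topic_len + 2 > remaining_len the unsigned
 * subtraction wraps to a value near SIZE_MAX instead of going negative. */
size_t unchecked_payload_len(size_t remaining_len, uint16_t topic_len)
{
    return remaining_len - 2 - topic_len;
}

/* Checked parse of a PUBLISH body (the bytes after the fixed header).
 * remaining_len is the decoded Remaining Length and must not exceed the
 * bytes actually held in body. Returns 0 on success, -1 if malformed. */
int parse_publish(const uint8_t *body, size_t remaining_len, int qos,
                  struct publish_view *out)
{
    if (body == NULL || out == NULL || remaining_len < 2)
        return -1;

    size_t topic_len = ((size_t)body[0] << 8) | body[1];
    size_t header_len = 2 + topic_len + (qos > 0 ? 2 : 0);

    /* Compare before subtracting, so the subtraction below cannot wrap. */
    if (header_len > remaining_len)
        return -1;

    out->topic = body + 2;
    out->topic_len = topic_len;
    out->payload = body + header_len;
    out->payload_len = remaining_len - header_len;
    return 0;
}

int main(void)
{
    /* Constructed input: Topic Length 0xFFFF declared in a 5-byte body. */
    const uint8_t bad[] = { 0xFF, 0xFF, 'a', 'b', 'c' };
    struct publish_view v;
    printf("unchecked=%zu checked=%d\n", unchecked_payload_len(sizeof bad, 0xFFFF),
           parse_publish(bad, sizeof bad, 0, &v));
    return 0;
}
```

A wrapped length passed on to a copy or allocation routine is the kind of value that produces the heap overflow the description names; rejecting the packet before the subtraction removes it.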

Weakness Enumeration

Heap Based Buffer Overflow
Integer Underflow

Related Identifiers

CVE-2025-66217
GHSA-93MJ-C8Q3-69RG

Affected Products

Ais-Catcher