PT-2025-48360 · Unknown · Ais-Catcher
Jaenact · Published 2025-11-29 · Updated 2025-12-01 · CVE-2025-66217
CVSS v4.0: 8.8 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
AIS-catcher versions prior to 0.64
Description
AIS-catcher, a multi-platform AIS receiver, contains a flaw in its MQTT parsing logic. An integer underflow can be triggered by sending a crafted MQTT packet with a modified Topic Length field. This can cause a significant Heap Buffer Overflow, resulting in a Denial of Service (DoS). When used as a library, this can also lead to severe Memory Corruption, potentially enabling Remote Code Execution (RCE). The issue is related to the parsing of the Topic Length field within MQTT packets.
Recommendations
Update to version 0.64 or later.
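The class of bug named in the description, shown as an added example that is not AIS-catcher's code: an attacker-controlled Topic Length subtracted from the remaining packet length in unsigned arithmetic, next to a parse that compares before subtracting. The struct, function names and sample bytes are hypothetical, and the unchecked subtraction is an assumed pattern, not the project's actual statement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types and names for illustration; not AIS-catcher code. */
typedef struct {
    const uint8_t *topic;   size_t topic_len;
    const uint8_t *payload; size_t payload_len;
} publish_view;

/* Constructed samples: bytes that follow the MQTT fixed header of a PUBLISH. */
static const uint8_t GOOD[] = {0x00, 0x03, 'a', 'i', 's', 'h', 'i'};
static const uint8_t BAD[]  = {0x00, 0x10, 'a', 'i'};  /* claims a 16-byte topic */

/* Unchecked arithmetic (assumed pattern): wraps when topic_len > remaining - 2. */
size_t unchecked_payload_len(const uint8_t *body, size_t remaining)
{
    size_t topic_len = ((size_t)body[0] << 8) | body[1];
    return remaining - 2 - topic_len;   /* size_t cannot go negative */
}

/* Checked parse: 0 on success, -1 if any length field exceeds the packet. */
int parse_publish(const uint8_t *body, size_t remaining, int qos, publish_view *out)
{
    size_t id_len = (qos > 0) ? 2 : 0;  /* packet identifier only for QoS 1/2 */
    if (remaining < 2) return -1;       /* no room for the length prefix */
    size_t topic_len = ((size_t)body[0] << 8) | body[1];
    size_t left = remaining - 2;        /* safe: remaining >= 2 */
    if (topic_len > left) return -1;    /* compare before subtracting */
    left -= topic_len;
    if (id_len > left) return -1;
    out->topic = body + 2;
    out->topic_len = topic_len;
    out->payload = body + 2 + topic_len + id_len;
    out->payload_len = left - id_len;
    return 0;
}

int main(void)
{
    publish_view v;
    printf("unchecked length for BAD: %zu\n", unchecked_payload_len(BAD, sizeof BAD));
    printf("checked parse of BAD:  %d\n", parse_publish(BAD, sizeof BAD, 0, &v));
    if (parse_publish(GOOD, sizeof GOOD, 0, &v) == 0)
        printf("GOOD: topic=%zu bytes, payload=%zu bytes\n", v.topic_len, v.payload_len);
    return 0;
}
```

A wrapped length like the one `unchecked_payload_len` returns is what turns a later copy or allocation into a heap overflow, so the rejection has to happen before any length is derived.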
Exploit · Fix · RCE · DoS · Integer Underflow · Heap Based Buffer Overflow
Affected Products
Ais-Catcher