Stack Overflow Vulnerability in Eclipse Mosquitto MQTT Broker
CVE-2019-11779

6.5MEDIUM

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Mosquitto
Vendor
CVE Published:
19 September 2019

What is CVE-2019-11779?

In versions 1.5.0 to 1.6.5 of Eclipse Mosquitto, a stack overflow can occur if a malicious MQTT client sends a SUBSCRIBE packet featuring an excessively long topic consisting of around 65400 or more '/' characters. This improper input handling can lead to unexpected behavior in the MQTT broker, potentially allowing an attacker to disrupt service or exploit additional vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
x_refsource_CONFIRM
https://usn.ubuntu.com/4137-1/
vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.