Denial-of-Service Vulnerability in MQTT Library of Arm Mbed OS
CVE-2019-17210

7.5HIGH

Key Information:

Vendor: Arm
Status: Mbed-MQtt; Mbed-os
Vendor: CVE Published:; 4 November 2019

What is CVE-2019-17210?

A denial-of-service issue was identified in the MQTT library of Arm Mbed OS version 2017-11-02. The vulnerability arises when the function readMQTTLenString() is utilized to obtain the length and content of the MQTT topic name, where user input can be manipulated to yield larger values than intended. This manipulation leads to unpredictable behavior in the program as the mqttstring->lenstring.data defaults to zero after bypassing crucial validations. Such an incident can result in accessing a memory address that could compromise the functioning of applications relying on the library, particularly on Arm Cortex-M chips.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/ARMmbed/mbed-os/issues/11802

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 4, 2019
Vulnerability Reserved
Oct 6, 2019

JSON

Arm

What is CVE-2019-17210?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.