CVE-2018-12543Reachable Assertion in Eclipse Foundation Eclipse Mosquitto

CWE-617Reachable AssertionCWE-20Improper Input Validation8 documents6 sources
Severity
7.5HIGHNVD
EPSS
2.8%
top 13.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Eclipse MosquittoTHE Eclipse Foundation Eclipse Mosquitto
Timeline
PublishedNov 15
Latest updateMay 13

Description

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5the_eclipse_foundation/eclipse_mosquitto1.5unspecified+1
Alpineeclipse/mosquitto< 1.5.3-r0+14
NVDeclipse/mosquitto1.5.01.5.2

🔴Vulnerability Details

3
GHSA
GHSA-4g6q-vx9q-q84r: In Eclipse Mosquitto versions 12022-05-13
OSV
CVE-2018-12543: In Eclipse Mosquitto versions 12018-11-15
CVEList
CVE-2018-12543: In Eclipse Mosquitto versions 12018-11-15

📋Vendor Advisories

1
Debian
CVE-2018-12543: mosquitto - In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published ...2018

💬Community

3
Bugzilla
CVE-2018-12543 mosquitto: DoS due to a reachable assertion in topic field [epel-7]2018-10-24
Bugzilla
CVE-2018-12543 mosquitto: DoS due to a reachable assertion in topic field [fedora-all]2018-10-24
Bugzilla
CVE-2018-12543 mosquitto: DoS due to a reachable assertion in topic field2018-10-24
CVE-2018-12543 — Reachable Assertion | cvebase