CVE-2019-11779Improper Check for Unusual or Exceptional Conditions in Mosquitto

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-674Uncontrolled Recursion9 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
6.8%
top 8.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Eclipse MosquittoTHE Eclipse Foundation Eclipse MosquittoCanonical Ubuntu Linux+4 more
Timeline
PublishedSep 19
Latest updateMay 24

Description

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDeclipse/mosquitto1.51.5.9+1
Debianeclipse/mosquitto< 1.6.6-1+3
CVEListV5the_eclipse_foundation/eclipse_mosquitto1.5.0 to 1.6.5 inclusive
NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 8.0, Fedora 29, 30, 31, Ubuntu Linux 19.04

🔴Vulnerability Details

3
GHSA
GHSA-wjwr-9f4q-q8h8: In Eclipse Mosquitto 12022-05-24
CVEList
CVE-2019-11779: In Eclipse Mosquitto 12019-09-19
OSV
CVE-2019-11779: In Eclipse Mosquitto 12019-09-19

📋Vendor Advisories

2
Ubuntu
Mosquitto vulnerability2019-09-23
Debian
CVE-2019-11779: mosquitto - In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends ...2019

💬Community

3
Bugzilla
CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow [epel-7]2019-09-20
Bugzilla
CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow2019-09-20
Bugzilla
CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow [fedora-all]2019-09-20
CVE-2019-11779 — Eclipse Mosquitto vulnerability | cvebase