CVE-2019-5432

Published: May 6, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.

Affected (4)

Products: Mqtt Packet Project: Mqtt Packet

Mqtt Packet Project

1 product

Mqtt Packet

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mqtt Packet Project Mqtt Packet	Before 3.5.1
Mqtt Packet Project Mqtt Packet	From 4.0.0 to 4.1.3
Mqtt Packet Project Mqtt Packet	From 5.0.0 to 5.6.1
Mqtt Packet Project Mqtt Packet	From 6.0.0 to 6.1.2

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-126

Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References (2)

https://hackerone.com/reports/541354

Source: support@hackerone.com

ExploitIssue TrackingPatchThird Party Advisory

https://hackerone.com/reports/541354

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.