Your submission was sent successfully! Close

CVE-2019-11779

Published: 19 September 2019

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
mosquitto
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
disco
Released (1.5.7-1ubuntu0.1)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream
Released (1.6.6-1)
xenial Not vulnerable
(code not present)