CVE-2019-11779

Summary

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Mosquitto1.5.0 to 1.6.5 inclusiveaffected

Weaknesses

  • CWE-754: CWE-754: Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

References