NotCVE - vendor:"Eclipse" product:"Mosquitto" version:" >= 1.6 <= 2.0.11"

Page 2 of 13 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-28166

https://notcve.org/view.php?id=CVE-2021-28166

07 Apr 2021 — In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. En Eclipse Mosquitto versiones 2.0.0 hasta 2.0.9, si un cliente autenticado que se había conectado con MQTT v5 envió un mensaje CONNACK diseñado al broker, se produciría una desreferencia del puntero NULL • https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608 • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 7%CPEs: 10EXPL: 0

CVE-2019-11779 – Ubuntu Security Notice USN-4137-1

https://notcve.org/view.php?id=CVE-2019-11779

19 Sep 2019 — In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. En Eclipse Mosquitto versiones 1.5.0 hasta 1.6.5 incluyéndola, si un cliente MQTT malicioso envía un paquete SUBSCRIBE que contiene un tema que consta de aproximadamente 65400 o más caracteres '/', es decir, el separador de jerarquía de temas, entonces ocurrirá u... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html • CWE-674: Uncontrolled Recursion CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-11778

https://notcve.org/view.php?id=CVE-2019-11778

18 Sep 2019 — If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. Si un cliente MQTT versión v5 se conecta a Eclipse Mosquitto versiones 1.6.0 hasta 1.6.4 incluyéndola, establece un último deseo y testamento, establece un inter... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162 • CWE-416: Use After Free •

1 2