MidnightBSD

Advisories for mqtt-packet_project

CVE-2016-10523 MEDIUM

MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-119,

Products Affected

Vendor Product Version
mqtt-packet_project mqtt-packet *
CVE-2019-5432 MEDIUM

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
mqtt-packet_project mqtt-packet *