GHSA-wv67-9jq7-8r69
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wv67-9jq7-8r69
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-wv67-9jq7-8r69/GHSA-wv67-9jq7-8r69.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-wv67-9jq7-8r69
- Aliases
- Published
- 2019-05-14T04:02:45Z
- Modified
- 2023-11-01T04:50:59.502170Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Improper Input Validation and Buffer Over-read in mqtt-packet
- Details
-
A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.
- Database specific
{ "nvd_published_at": "2019-05-06T17:29:00Z", "github_reviewed_at": "2019-05-10T04:24:12Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-125", "CWE-126" ] }- References
Affected packages
npm / mqtt-packet
Package
- Name
- mqtt-packet
- View open source insights on deps.dev
- Purl
- pkg:npm/mqtt-packet
npm / mqtt-packet
Package
- Name
- mqtt-packet
- View open source insights on deps.dev
- Purl
- pkg:npm/mqtt-packet
npm / mqtt-packet
Package
- Name
- mqtt-packet
- View open source insights on deps.dev
- Purl
- pkg:npm/mqtt-packet
npm / mqtt-packet
Package
- Name
- mqtt-packet
- View open source insights on deps.dev
- Purl
- pkg:npm/mqtt-packet