Denial of Service

Module: mqtt-packet

Published: January 15th, 2016

Reported by: Peter Sorowka

CVE-NONE

CWE-730

Vulnerable: <3.4.6 || >4.0.0 <4.0.5
Patched: >=3.4.6 <4.0.0 || >=4.0.5

Overview

Versions of mqtt-packet prior to 3.4.6, and 4.x versions prior to 4.0.5, are affected by a denial of service vulnerability in which specific sequences of MQTT packets can crash the application.

Remediation

Version 3.x: Update to version 3.4.6 or later. Version 4.x: Update to version 4.0.5 or later.
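
To confirm that no affected copy is still installed, including copies nested under other dependencies, the lockfile can be checked against the Patched range above. The following is an added example, not code from the advisory or from the mqtt-packet project; it assumes a package-lock.json with lockfileVersion 2 or 3 (the "packages" map), the function names are hypothetical, and the sample lockfile entries are constructed.

```javascript
// Parse "major.minor.patch[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Return <0, 0 or >0. A pre-release sorts below its own release (semver rule);
// two pre-releases of the same release compare equal (simplification).
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  }
  return Number(b.pre) - Number(a.pre);
}

// Patched range from the advisory: >=3.4.6 <4.0.0 || >=4.0.5
function isPatched(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable: not confirmed patched, so flag it
  const in3x = v.nums[0] === 3 && compare(v, parseVersion('3.4.6')) >= 0;
  return in3x || compare(v, parseVersion('4.0.5')) >= 0;
}

// Walk the lockfile "packages" map and return every mqtt-packet install,
// top-level or nested, whose version is outside the patched range.
function findUnpatched(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isTarget = path === 'node_modules/mqtt-packet' ||
      path.endsWith('/node_modules/mqtt-packet');
    if (isTarget && !isPatched(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile fragment (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/mqtt-packet': { version: '4.0.3' },
    'node_modules/mqtt/node_modules/mqtt-packet': { version: '3.4.7' },
    'node_modules/broker/node_modules/mqtt-packet': { version: '3.2.0' },
    'node_modules/other': { version: '1.0.0' },
  },
};

console.log(findUnpatched(sampleLock));
```

Any entry the function returns should be updated as described above; a nested copy is pinned by its parent package, so the parent may need updating as well.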

References

PR #8
Issue #393