Denial of Service

Module: mqtt-packet

Published: January 15th, 2016

Reported by: Peter Sorowka

CVE-NONE

CWE-

Vulnerable: <3.4.6 || >4.0.0 <4.0.5
Patched: >=3.4.6 <4.0.0 || >=4.0.5

Overview

Specially crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth.

Timeline

  • January 15, 2016 - Initial Report (self-disclosed by the maintainer)
  • January 15, 2016 - CVE Requested

Remediation

Update to version 3.4.6 or 4.0.5 or greater to fix the problem.
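
A version check for the ranges listed in this advisory, as an added example (not part of the original advisory or the mqtt-packet project): it classifies every copy of mqtt-packet found in a dependency tree shaped like `npm ls --json` output. The sample tree and the package names `example-broker` and `example-client` are constructed, and pre-release suffixes are ignored.

```javascript
'use strict';

// Parse "x.y.z" into numbers; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Ranges copied from the advisory:
//   Vulnerable: <3.4.6 || >4.0.0 <4.0.5
//   Patched:    >=3.4.6 <4.0.0 || >=4.0.5
// 4.0.0 itself is in neither published range, so it is reported as "unlisted".
function classify(version) {
  if (cmp(version, '3.4.6') < 0) return 'vulnerable';
  if (cmp(version, '4.0.0') > 0 && cmp(version, '4.0.5') < 0) return 'vulnerable';
  if (cmp(version, '4.0.0') < 0 || cmp(version, '4.0.5') >= 0) return 'patched';
  return 'unlisted';
}

// Walk a tree shaped like `npm ls --json` output and report each mqtt-packet copy,
// including copies nested under other packages.
function findMqttPacket(tree, path = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = path.concat(name);
    if (name === 'mqtt-packet') {
      hits.push({ path: here.join(' > '), version: node.version, status: classify(node.version) });
    }
    hits.push(...findMqttPacket(node, here));
  }
  return hits;
}

// Constructed sample tree; example-broker and example-client are hypothetical packages.
const sampleTree = {
  dependencies: {
    'mqtt-packet': { version: '4.0.5' },
    'example-broker': { version: '0.1.0', dependencies: { 'mqtt-packet': { version: '3.4.5' } } },
    'example-client': { version: '0.2.0', dependencies: { 'mqtt-packet': { version: '4.0.2' } } },
  },
};

console.log(findMqttPacket(sampleTree));
```

Any entry reported as `vulnerable` needs the parent package updated or the nested copy overridden; a top-level upgrade alone does not replace nested copies.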
