| Short Name | APP:MISC:MQTT-OF-DOS |
|---|---|
| Severity | Minor |
| Recommended | No |
| Recommended Action | Drop |
| Category | APP |
| Keywords | Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow |
| Release Date | 2019/11/14 |
| Update Number | 3225 |
| Supported Platforms | srx-17.3+, srx-branch-17.4+, vsrx-15.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability against Eclipse Mosquitto. A successful attack can result in a denial-of-service condition.
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
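
The condition described above can be checked on captured traffic by parsing the SUBSCRIBE packet and counting topic levels. The following is an added example, not the signature's own logic or Mosquitto code; it assumes MQTT 3.1.1 framing (no v5 properties), and `MAX_LEVELS`, `BENIGN` and the function names are hypothetical.

```python
# Added example: flag MQTT 3.1.1 SUBSCRIBE topic filters with too many levels.
# MAX_LEVELS is an assumed policy value, not a Mosquitto or Juniper setting.
import struct

MAX_LEVELS = 128
# Constructed sample: SUBSCRIBE, packet id 1, topic "a/b", requested QoS 0.
BENIGN = bytes.fromhex("820800010003612f6200")


def decode_remaining_length(buf, pos):
    """Decode the MQTT variable-length integer that starts at buf[pos]."""
    value = 0
    for i in range(4):  # the encoding uses at most four bytes
        if pos + i >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")


def subscribe_topics(packet):
    """Return the raw topic filters carried by one SUBSCRIBE packet."""
    if not packet or packet[0] >> 4 != 8:
        return []  # control packet type 8 is SUBSCRIBE
    length, pos = decode_remaining_length(packet, 1)
    end = pos + length
    if length < 2 or end > len(packet):
        raise ValueError("truncated SUBSCRIBE")
    pos += 2  # skip the packet identifier
    topics = []
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated topic length")
        (tlen,) = struct.unpack_from(">H", packet, pos)
        pos += 2
        if pos + tlen + 1 > end:  # topic bytes plus the requested-QoS byte
            raise ValueError("topic overruns packet")
        topics.append(packet[pos:pos + tlen])
        pos += tlen + 1
    return topics


def deep_topics(packet, max_levels=MAX_LEVELS):
    """Return (levels, byte_length) for each topic above max_levels."""
    counted = [(t.count(b"/") + 1, len(t)) for t in subscribe_topics(packet)]
    return [c for c in counted if c[0] > max_levels]
```

A topic filter is prefixed by a 2-byte length, so a filter of the size the advisory describes fits in a single well-formed packet; length checks alone do not catch it, which is why the example counts separators.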