Signature Detail

APP: Eclipse Mosquitto CVE-2018-12543 Denial of Service

This signature detects attempts to exploit a known vulnerability against Eclipse Mosquitto versions 1.5 to 1.5.2 . A successful attack can result in a denial-of-service condition.

Extended Description

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.

Affected Products

• Eclipse mosquitto 1.5.1
• Eclipse mosquitto 1.5.2

References

• CVE: CVE-2018-12543