Juniper Networks
Signature Detail


Short Name: APP:MISC:MQTT-OF-DOS
Severity: Minor
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow
Release Date: 2019/11/14
Update Number: 3225
Supported Platforms: srx-17.3+, srx-branch-17.4+, vsrx-15.1+, vsrx3bsd-18.2+

APP: Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow


This signature detects attempts to exploit a known vulnerability against Eclipse Mosquitto. A successful attack can result in a denial-of-service condition.

Extended Description

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

Affected Products

  • Eclipse mosquitto 1.5
  • Eclipse mosquitto 1.5.1
  • Eclipse mosquitto 1.5.2
  • Eclipse mosquitto 1.5.3
  • Eclipse mosquitto 1.5.4
  • Eclipse mosquitto 1.5.5
  • Eclipse mosquitto 1.5.6
  • Eclipse mosquitto 1.5.7
  • Eclipse mosquitto 1.5.8
  • Eclipse mosquitto 1.6
  • Eclipse mosquitto 1.6.1
  • Eclipse mosquitto 1.6.2
  • Eclipse mosquitto 1.6.3
  • Eclipse mosquitto 1.6.4
  • Eclipse mosquitto 1.6.5

References

  • CVE: CVE-2019-11779
