An exploitable arbitrary memory read vulnerability exists...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Nov 7, 2017
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Jan 27, 2023
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
References