The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
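Published: 2018-06-05T20:29:00.293
Last modified: 2024-11-21T03:32:23.017
Status: Modified
CVSSv3.0: 5.3 (MEDIUM)
CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv2 exploitability subscore: 6.8
CVSSv2 impact subscore: 2.9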
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | eclipse | mosquitto | ≤ 1.4.15 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |