Back to search
CVE-2019-11778
Published: Sep 18, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.
| Vendor | Product | Versions |
|---|---|---|
The Eclipse Foundation | Eclipse Mosquitto | affected 1.6.0 to 1.6.4 |
Weaknesses (CWE)
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now