CVE-2019-11779 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Eclipse	Mosquitto
Fedoraproject	Fedora
Opensuse	Backports Sle Leap

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html
https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/
https://seclists.org/bugtraq/2019/Nov/25
https://usn.ubuntu.com/4137-1/
https://www.debian.org/security/2019/dsa-4570

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Eclipse Mosquitto", "vendor": "The Eclipse Foundation", "versions": [{"status": "affected", "version": "1.5.0 to 1.6.5 inclusive"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-18T14:06:13", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160"}, {"name": "USN-4137-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4137-1/"}, {"name": "openSUSE-SU-2019:2206", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html"}, {"name": "openSUSE-SU-2019:2247", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html"}, {"name": "FEDORA-2019-4c69fb4cd7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/"}, {"name": "FEDORA-2019-8b83c261dd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/"}, {"name": "FEDORA-2019-d99e2329cb", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/"}, {"name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}, {"name": "DSA-4570", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4570"}, {"name": "20191118 [SECURITY] [DSA 4570-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/25"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2019-11779", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Mosquitto", "version": {"version_data": [{"version_value": "1.5.0 to 1.6.5 inclusive"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160"}, {"name": "USN-4137-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4137-1/"}, {"name": "openSUSE-SU-2019:2206", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html"}, {"name": "openSUSE-SU-2019:2247", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html"}, {"name": "FEDORA-2019-4c69fb4cd7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/"}, {"name": "FEDORA-2019-8b83c261dd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/"}, {"name": "FEDORA-2019-d99e2329cb", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/"}, {"name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}, {"name": "DSA-4570", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4570"}, {"name": "20191118 [SECURITY] [DSA 4570-1] mosquitto security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/25"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:03:32.805Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160"}, {"name": "USN-4137-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4137-1/"}, {"name": "openSUSE-SU-2019:2206", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html"}, {"name": "openSUSE-SU-2019:2247", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html"}, {"name": "FEDORA-2019-4c69fb4cd7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/"}, {"name": "FEDORA-2019-8b83c261dd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/"}, {"name": "FEDORA-2019-d99e2329cb", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/"}, {"name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}, {"name": "DSA-4570", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4570"}, {"name": "20191118 [SECURITY] [DSA 4570-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/25"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2019-11779", "datePublished": "2019-09-19T13:30:43", "dateReserved": "2019-05-06T00:00:00", "dateUpdated": "2024-08-04T23:03:32.805Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Eclipse Mosquitto (string)

vendor : The Eclipse Foundation (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.5.0 to 1.6.5 inclusive (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-754 (string)

description : CWE-754: Improper Check for Unusual or Exceptional Conditions (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-11-18T14:06:13 (string)

orgId : e51fbebd-6053-4e49-959f-1b94eeb69a2c (string)

shortName : eclipse (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 (string)

}

1 : { »

name : USN-4137-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : https://usn.ubuntu.com/4137-1/ (string)

}

2 : { »

name : openSUSE-SU-2019:2206 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html (string)

}

3 : { »

name : openSUSE-SU-2019:2247 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html (string)

}

4 : { »

name : FEDORA-2019-4c69fb4cd7 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/ (string)

}

5 : { »

name : FEDORA-2019-8b83c261dd (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/ (string)

}

6 : { »

name : FEDORA-2019-d99e2329cb (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/ (string)

}

7 : { »

name : [debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html (string)

}

8 : { »

name : DSA-4570 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : https://www.debian.org/security/2019/dsa-4570 (string)

}

9 : { »

name : 20191118 [SECURITY] [DSA 4570-1] mosquitto security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : https://seclists.org/bugtraq/2019/Nov/25 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@eclipse.org (string)

ID : CVE-2019-11779 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Eclipse Mosquitto (string)

version : { »

version_data : [ »

0 : { »

version_value : 1.5.0 to 1.6.5 inclusive (string)

}

]

}

]

}

vendor_name : The Eclipse Foundation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-754: Improper Check for Unusual or Exceptional Conditions (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 (string)

refsource : CONFIRM (string)

url : https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 (string)

}

1 : { »

name : USN-4137-1 (string)

refsource : UBUNTU (string)

url : https://usn.ubuntu.com/4137-1/ (string)

}

2 : { »

name : openSUSE-SU-2019:2206 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html (string)

}

3 : { »

name : openSUSE-SU-2019:2247 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html (string)

}

4 : { »

name : FEDORA-2019-4c69fb4cd7 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/ (string)

}

5 : { »

name : FEDORA-2019-8b83c261dd (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/ (string)

}

6 : { »

name : FEDORA-2019-d99e2329cb (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/ (string)

}

7 : { »

name : [debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update (string)

refsource : MLIST (string)

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html (string)

}

8 : { »

name : DSA-4570 (string)

refsource : DEBIAN (string)

url : https://www.debian.org/security/2019/dsa-4570 (string)

}

9 : { »

name : 20191118 [SECURITY] [DSA 4570-1] mosquitto security update (string)

refsource : BUGTRAQ (string)

url : https://seclists.org/bugtraq/2019/Nov/25 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T23:03:32.805Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 (string)

}

1 : { »

name : USN-4137-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : https://usn.ubuntu.com/4137-1/ (string)

}

2 : { »

name : openSUSE-SU-2019:2206 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html (string)

}

3 : { »

name : openSUSE-SU-2019:2247 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html (string)

}

4 : { »

name : FEDORA-2019-4c69fb4cd7 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/ (string)

}

5 : { »

name : FEDORA-2019-8b83c261dd (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/ (string)

}

6 : { »

name : FEDORA-2019-d99e2329cb (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/ (string)

}

7 : { »

name : [debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html (string)

}

8 : { »

name : DSA-4570 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : https://www.debian.org/security/2019/dsa-4570 (string)

}

9 : { »

name : 20191118 [SECURITY] [DSA 4570-1] mosquitto security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : https://seclists.org/bugtraq/2019/Nov/25 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : e51fbebd-6053-4e49-959f-1b94eeb69a2c (string)

assignerShortName : eclipse (string)

cveId : CVE-2019-11779 (string)

datePublished : 2019-09-19T13:30:43 (string)

dateReserved : 2019-05-06T00:00:00 (string)

dateUpdated : 2024-08-04T23:03:32.805Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD7CF7D-7571-4725-B7D8-5D696F1A2124", "versionEndExcluding": "1.5.9", "versionStartIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE26376A-4D05-40CF-BDFB-D71FC7BD3B36", "versionEndExcluding": "1.6.6", "versionStartIncluding": "1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur."}, {"lang": "es", "value": "En Eclipse Mosquitto versiones 1.5.0 hasta 1.6.5 incluy\u00e9ndola, si un cliente MQTT malicioso env\u00eda un paquete SUBSCRIBE que contiene un tema que consta de aproximadamente 65400 o m\u00e1s caracteres '/', es decir, el separador de jerarqu\u00eda de temas, entonces ocurrir\u00e1 un desbordamiento de la pila."}], "id": "CVE-2019-11779", "lastModified": "2024-11-21T04:21:46.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-19T14:15:10.573", "references": [{"source": "emo@eclipse.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html"}, {"source": "emo@eclipse.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html"}, {"source": "emo@eclipse.org", "tags": ["Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160"}, {"source": "emo@eclipse.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}, {"source": "emo@eclipse.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/"}, {"source": "emo@eclipse.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/"}, {"source": "emo@eclipse.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/"}, {"source": "emo@eclipse.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/25"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4137-1/"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4137-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4570"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8BD7CF7D-7571-4725-B7D8-5D696F1A2124 (string)

versionEndExcluding : 1.5.9 (string)

versionStartIncluding : 1.5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EE26376A-4D05-40CF-BDFB-D71FC7BD3B36 (string)

versionEndExcluding : 1.6.6 (string)

versionStartIncluding : 1.6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* (string)

matchCriteriaId : CD783B0C-9246-47D9-A937-6144FE8BFF0F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 40513095-7E6E-46B3-B604-C926F1BA3568 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B620311B-34A3-48A6-82DF-6F078D7A4493 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* (string)

matchCriteriaId : D100F7CE-FC64-4CC6-852A-6136D72DA419 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* (string)

matchCriteriaId : 97A4B8DF-58DA-4AB6-A1F9-331B36409BA3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* (string)

matchCriteriaId : 80F0FA5D-8D3B-4C0E-81E2-87998286AF33 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07B237A9-69A3-4A9C-9DA0-4E06BD37AE73 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. (string)

}

1 : { »

lang : es (string)

value : En Eclipse Mosquitto versiones 1.5.0 hasta 1.6.5 incluyéndola, si un cliente MQTT malicioso envía un paquete SUBSCRIBE que contiene un tema que consta de aproximadamente 65400 o más caracteres '/', es decir, el separador de jerarquía de temas, entonces ocurrirá un desbordamiento de la pila. (string)

}

]

id : CVE-2019-11779 (string)

lastModified : 2024-11-21T04:21:46.603 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-09-19T14:15:10.573 (string)

references : [ »

0 : { »

source : emo@eclipse.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html (string)

}

1 : { »

source : emo@eclipse.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html (string)

}

2 : { »

source : emo@eclipse.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 (string)

}

3 : { »

source : emo@eclipse.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html (string)

}

4 : { »

source : emo@eclipse.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/ (string)

}

5 : { »

source : emo@eclipse.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/ (string)

}

6 : { »

source : emo@eclipse.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/ (string)

}

7 : { »

source : emo@eclipse.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://seclists.org/bugtraq/2019/Nov/25 (string)

}

8 : { »

source : emo@eclipse.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4137-1/ (string)

}

9 : { »

source : emo@eclipse.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2019/dsa-4570 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/ (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/ (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/ (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://seclists.org/bugtraq/2019/Nov/25 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/4137-1/ (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2019/dsa-4570 (string)

}

]

sourceIdentifier : emo@eclipse.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-754 (string)

}

]

source : emo@eclipse.org (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-674 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object