mosquitto

Description: An Open Source MQTT v3.1/v3.1.1 Broker
Version: 1.6.7-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-772 | 1.5.1-1 | 1.5.3-1 | Medium | Fixed | |
| AVG-353 | 1.4.12-1 | 1.4.14-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-12543 | AVG-772 | Medium | Yes | Denial of service | If a message is sent to Mosquitto before 1.5.3 with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and... |
| CVE-2017-9868 | AVG-353 | Medium | No | Information disclosure | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 01 Oct 2018 | ASA-201810-1 | AVG-772 | Medium | denial of service |
| 16 Jul 2017 | ASA-201707-16 | AVG-353 | Medium | information disclosure |