mosquitto
Description | An Open Source MQTT v3.1/v3.1.1 Broker |
Version | 1.6.7-1 [community] |

Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-772 | 1.5.1-1 | 1.5.3-1 | Medium | Fixed | |
AVG-353 | 1.4.12-1 | 1.4.14-1 | Medium | Fixed | |

Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2018-12543 | AVG-772 | Medium | Yes | Denial of service | If a message is sent to Mosquitto before 1.5.3 with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and... |
CVE-2017-9868 | AVG-353 | Medium | No | Information disclosure | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. |

Advisories
Date | Advisory | Group | Severity | Description |
---|---|---|---|---|
01 Oct 2018 | ASA-201810-1 | AVG-772 | Medium | denial of service |
16 Jul 2017 | ASA-201707-16 | AVG-353 | Medium | information disclosure |