If a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

Affects: 1.5.0 to 1.6.5 inclusive.
Fixed in 1.5.9 and 1.6.6.

CWE-754: Improper Check for Unusual or Exceptional Conditions

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C&version=3.1

This has, unfortunately, already been disclosed.
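An added example, not part of the report and not the project's code or its actual fix: one way a broker could bound the input described above by validating each SUBSCRIBE topic filter before any further processing. The function names and the `MAX_TOPIC_LEVELS` value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cap on topic hierarchy levels; not a value taken from the report. */
#define MAX_TOPIC_LEVELS 200

enum filter_status { FILTER_OK = 0, FILTER_TRUNCATED, FILTER_EMPTY, FILTER_TOO_DEEP };

/*
 * Validate one topic filter entry of a SUBSCRIBE payload:
 *   2-byte big-endian length | filter bytes | 1-byte options (requested QoS).
 * On FILTER_OK, *consumed is the number of bytes used by this entry.
 * The scan is iterative, so its stack use does not grow with the number of '/'.
 */
enum filter_status check_subscribe_filter(const uint8_t *buf, size_t len, size_t *consumed)
{
    if (len < 2) return FILTER_TRUNCATED;
    size_t flen = ((size_t)buf[0] << 8) | buf[1];
    if (flen == 0) return FILTER_EMPTY;
    if (len - 2 < flen + 1) return FILTER_TRUNCATED; /* filter plus options byte */

    size_t levels = 1; /* N separators delimit N + 1 levels */
    for (size_t i = 0; i < flen; i++) {
        if (buf[2 + i] == '/' && ++levels > MAX_TOPIC_LEVELS)
            return FILTER_TOO_DEEP;
    }
    *consumed = 2 + flen + 1;
    return FILTER_OK;
}

/* Build a constructed entry whose filter is n copies of c; returns bytes written. */
size_t build_entry(uint8_t *out, size_t cap, char c, size_t n)
{
    if (n > 0xFFFF || cap < n + 3) return 0;
    out[0] = (uint8_t)(n >> 8);
    out[1] = (uint8_t)(n & 0xFF);
    memset(out + 2, c, n);
    out[2 + n] = 0; /* requested QoS 0 */
    return n + 3;
}

int main(void)
{
    static uint8_t buf[65536 + 3];
    size_t used = 0, n = build_entry(buf, sizeof buf, '/', 65400); /* constructed input */
    printf("status=%d\n", (int)check_subscribe_filter(buf, n, &used));
    return 0;
}
```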
I've sent this to the central authority. https://github.com/CVEProject/cvelist/pull/2560
Thanks Wayne