CVE-2019-11779

Name: CVE-2019-11779
Description: In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1972-1, DSA-4570-1
NVD severity: medium
Debian Bugs: 940654

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
mosquitto (PTS) | jessie | 1.3.4-2+deb8u1 | vulnerable
mosquitto | jessie (security) | 1.3.4-2+deb8u4 | fixed
mosquitto | stretch (security), stretch | 1.4.10-3+deb9u4 | fixed
mosquitto | buster | 1.5.7-1 | vulnerable
mosquitto | buster (security) | 1.5.7-1+deb10u1 | fixed
mosquitto | bullseye, sid | 1.6.7-1 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
mosquitto | source | (unstable) | 1.6.6-1 | - | - | 940654
mosquitto | source | buster | 1.5.7-1+deb10u1 | - | DSA-4570-1 | -
mosquitto | source | jessie | 1.3.4-2+deb8u4 | - | DLA-1972-1 | -
mosquitto | source | stretch | (not affected) | - | - | -

Notes

[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
https://github.com/eclipse/mosquitto/issues/1412
Introduced by: https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566 (v1.5)
Fixed by: https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652 (1.6.6)
Fixed by: https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14 (1.5.9)
https://mosquitto.org/blog/2019/09/version-1-6-6-released/
The issue manifests in versions 1.5.0 and onwards only, because some structs
increased in size enough to cause the stack overflow vulnerability for excessive
topic hierarchies. In earlier versions, the maximum possible hierarchy depth of
65535 wouldn't cause a stack overflow.
