npm

Severity: high

Denial of Service

mqtt-packet

Overview

Versions of mqtt-packet prior to 3.4.6, or 4.x prior to 4.0.5 are affected by a denial of service vulnerability wherein specific sequences of MQTT packets can crash the application.

Remediation

Version 3.x: Update to version 3.4.6 or later. Version 4.x: Update to version 4.0.5 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jan 15th, 2016
  2. reported

    Initial report by Peter Sorowka
    Jan 15th, 2016