mqtt-packet

Denial of Service

Severity: high

Overview

Versions of mqtt-packet prior to 3.4.6, or 4.x prior to 4.0.5 are affected by a denial of service vulnerability wherein specific sequences of MQTT packets can crash the application.

Remediation

Version 3.x: Update to version 3.4.6 or later. Version 4.x: Update to version 4.0.5 or later.

Vulnerable versions

1.0.0
4 years ago
1.0.1
4 years ago
1.0.2
4 years ago
1.0.3
4 years ago
2.0.0
4 years ago
2.0.1
4 years ago
3.0.0
4 years ago
3.1.0
4 years ago
3.1.1
4 years ago
3.2.0
4 years ago
3.3.0
3 years ago
3.3.1
3 years ago
3.4.0
3 years ago
3.4.1
3 years ago
3.4.2
3 years ago
3.4.3
3 years ago
3.4.4
3 years ago
4.0.1
3 years ago
4.0.2
3 years ago
4.0.3
3 years ago
4.0.4
3 years ago
3.4.5
3 years ago

Unaffected versions

4.0.0
3 years ago
4.0.5
3 years ago
3.4.6
3 years ago
4.1.0
3 years ago
4.1.1
2 years ago
4.1.2
2 years ago
3.4.7
2 years ago
5.0.0
2 years ago
5.1.0
2 years ago
5.2.0
2 years ago
5.2.1
2 years ago
3.4.8
2 years ago
5.2.2
a year ago
5.3.0
a year ago
5.4.0
a year ago
5.5.0
6 months ago
3.5.0
5 months ago
5.6.0
3 months ago
6.0.0
2 months ago

Resources

Advisory timeline

  1. Published

    Advisory published
    Jan 15th, 2016
  2. Reported

    Initial report by Peter Sorowka
    Jan 15th, 2016