Vulnerabilities > CVE-2019-11778 - Use After Free vulnerability in Eclipse Mosquitto
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |