GHSA-hg78-c92r-hvwr

Source

https://github.com/advisories/GHSA-hg78-c92r-hvwr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-hg78-c92r-hvwr/GHSA-hg78-c92r-hvwr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hg78-c92r-hvwr

Aliases

CVE-2016-1000242

Published

2020-09-01T16:01:24Z

Modified

2023-11-08T03:58:08.458458Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Denial of Service in mqtt

Details

Affected versions of mqtt will cause the node process to crash when receiving specially crafted MQTT packets, making the application vulnerable to a denial of service condition.

Recommendation

Update to v1.0.0 or later

Database specific

{
    "github_reviewed_at": "2020-08-31T18:12:16Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-248"
    ]
}

References

Affected packages

npm / mqtt

Package

Name: mqtt; View open source insights on deps.dev
Purl: pkg:npm/mqtt

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.0

Database specific

last_known_affected_version_range

"<= 0.3.13"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-hg78-c92r-hvwr/GHSA-hg78-c92r-hvwr.json"