CVE-2025-66217

Source
https://cve.org/CVERecord?id=CVE-2025-66217
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66217.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66217
Aliases
  • GHSA-93mj-c8q3-69rg
Published
2025-11-29T01:57:52.613Z
Modified
2026-07-15T01:49:11.178829137Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow
Details

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.

Database specific
{
    "cwe_ids": [
        "CWE-122",
        "CWE-191"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66217.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/jvde-github/ais-catcher

Affected ranges

Type
GIT
Repo
https://github.com/jvde-github/ais-catcher
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:aiscatcher:ais-catcher:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.64"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.07
0.08
0.09
0.1
Other
Edge
v0.*
v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.17
v0.18
v0.19
v0.2
v0.21
v0.22
v0.23
v0.24
v0.26
v0.26a
v0.27
v0.27a
v0.27b
v0.29
v0.30
v0.31
v0.34
v0.35
v0.35a
v0.36
v0.36a
v0.37
v0.38
v0.39
v0.40
v0.40a
v0.40b
v0.43
v0.44
v0.45
v0.45a
v0.45c
v0.45e
v0.46
v0.47
v0.48
v0.50
v0.50b
v0.51
v0.51b
v0.52
v0.53
v0.54
v0.55
v0.58
v0.59
v0.60
v0.61
v0.62
v0.63

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66217.json"