Skip to content

Denial of Service in mqtt-packet

High severity GitHub Reviewed Published Feb 18, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

npm mqtt-packet (npm)

Affected versions

< 3.4.6
>= 4.0.0, < 4.0.5

Patched versions

3.4.6
4.0.5

Description

Versions of mqtt-packet prior to 3.4.6, or 4.x prior to 4.0.5 are affected by a denial of service vulnerability wherein specific sequences of MQTT packets can crash the application.

Recommendation

Version 3.x: Update to version 3.4.6 or later.
Version 4.x: Update to version 4.0.5 or later.

References

Published to the GitHub Advisory Database Feb 18, 2019
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

High

EPSS score

0.271%
(69th percentile)

Weaknesses

CVE ID

CVE-2016-10523

GHSA ID

GHSA-g3r2-65gc-qpqc

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.