In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.
References
Link | Resource |
---|---|
https://github.com/RIOT-OS/RIOT/pull/12382 | Patch Third Party Advisory |
Configurations
Information
Published : 2019-10-09 10:15
Updated : 2020-08-24 10:37
NVD link : CVE-2019-17389
Mitre link : CVE-2019-17389
JSON object : View
CWE
Products Affected
riot-os
- riot