FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mosquitto -- NULL pointer dereference

Affected packages
2.0.0 <= mosquitto < 2.0.10

Details

VuXML ID cc553d79-e1f0-4b94-89f2-bacad42ee826
Discovery 2021-04-10
Entry 2021-07-24

Roger Light reports:

If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker, a NULL pointer dereference occurred, most likely resulting in a segfault.

(Note: a CVE is referenced in the GitHub commit, but it appears to be for a python-bleach vulnerability, so it is not included here.)

References

URL https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt