Remote code execution in pubsubclient



Published: 2018-12-05
Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2018-17614
CWE-ID: CWE-787
Exploitation vector: Local network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
pubsubclient
Universal components / Libraries / Libraries used by multiple products

Vendor: Nick O'Leary

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Out-of-bounds write

EUVDB-ID: #VU16241

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-17614

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

This vulnerability allows an adjacent attacker to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client.

The weakness exists due to an unbounded write caused by a missing check on the “remaining length” field in a popular MQTT library. The flaw is in the parsing routine for an MQTT PUBLISH packet, specifically where the “remaining length” and “topic length” fields are read. An adjacent attacker can supply specially crafted input and cause a persistent denial-of-service (DoS) condition or execute code, in the context of the current process, on vulnerable devices that implement an MQTT client.

Successful exploitation of the vulnerability may result in system compromise.
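
The following C example, added here and not taken from pubsubclient or its patch, validates the “remaining length” and “topic length” fields of an MQTT 3.1.1 PUBLISH packet before any copy takes place. The 128-byte RX_BUF_SIZE and the names check_publish, pub_view and pub_status are assumptions made for the illustration; the sample packet in main() is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#define RX_BUF_SIZE 128u /* assumed size of the client's fixed receive buffer */
enum pub_status { PUB_OK, PUB_NOT_PUBLISH, PUB_TRUNCATED, PUB_BAD_LENGTH,
                  PUB_TOO_LARGE, PUB_BAD_TOPIC };
struct pub_view { size_t topic_off, topic_len, payload_off, payload_len; };

/* Validate an MQTT 3.1.1 PUBLISH packet; copy nothing until it returns PUB_OK. */
enum pub_status check_publish(const uint8_t *pkt, size_t len, struct pub_view *out)
{
    if (len < 2) return PUB_TRUNCATED;
    if ((pkt[0] >> 4) != 3) return PUB_NOT_PUBLISH;

    /* "Remaining length": 1 to 4 bytes, 7 value bits each, 0x80 means "more". */
    uint32_t remaining = 0;
    unsigned shift = 0;
    size_t pos = 1;
    uint8_t b;
    do {
        if (shift > 21) return PUB_BAD_LENGTH;   /* a fifth length byte is invalid */
        if (pos >= len) return PUB_TRUNCATED;
        b = pkt[pos++];
        remaining |= (uint32_t)(b & 0x7F) << shift;
        shift += 7;
    } while (b & 0x80);

    /* The declared size must fit the buffer and match the bytes actually received. */
    if (remaining > RX_BUF_SIZE - pos) return PUB_TOO_LARGE;
    if (remaining > len - pos) return PUB_TRUNCATED;

    /* Variable header: 2-byte topic length, topic, then a packet id for QoS 1/2. */
    size_t id_len = ((pkt[0] >> 1) & 0x03) ? 2 : 0;
    if (remaining < 2 + id_len) return PUB_BAD_TOPIC;
    size_t topic_len = ((size_t)pkt[pos] << 8) | pkt[pos + 1];
    if (topic_len > remaining - 2 - id_len) return PUB_BAD_TOPIC;
    out->topic_off = pos + 2;
    out->topic_len = topic_len;
    out->payload_off = pos + 2 + topic_len + id_len;
    out->payload_len = remaining - 2 - topic_len - id_len;
    return PUB_OK;
}

int main(void)
{
    /* Constructed sample: topic length 0xFFFF exceeds the remaining length of 4. */
    const uint8_t bad[] = { 0x30, 0x04, 0xFF, 0xFF, 'a', 'b' };
    struct pub_view v;
    return check_publish(bad, sizeof bad, &v) == PUB_BAD_TOPIC ? 0 : 1;
}
```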

Mitigation

Update to version 2.7.

Vulnerable software versions

pubsubclient: 1.1 - 2.6

External links

http://blog.trendmicro.com/trendlabs-security-intelligence/machine-to-machine-m2m-technology-design...
http://www.zerodayinitiative.com/advisories/ZDI-18-1337/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


