#VU16241 Out-of-bounds write in pubsubclient - CVE-2018-17614
Published: December 5, 2018
Vulnerability identifier: #VU16241
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-17614
CWE-ID: CWE-787
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
pubsubclient
pubsubclient
Software vendor:
Nick O'Leary
Nick O'Leary
Description
This vulnerability allows an adjacent attacker to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client.
The weakness exists due to unbounded write-in caused by a missing check on the “remaining length” field in a popular MQTT library during the parsing routine for an MQTT PUBLISH packet, and precisely when reading the “remaining length” and “topic length” fields. An adjacent attacker can supply specially crafted input and cause persistent denial-of-service (DoS) condition or execute code on vulnerable devices that implement an MQTT client in the context of the current process.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to unbounded write-in caused by a missing check on the “remaining length” field in a popular MQTT library during the parsing routine for an MQTT PUBLISH packet, and precisely when reading the “remaining length” and “topic length” fields. An adjacent attacker can supply specially crafted input and cause persistent denial-of-service (DoS) condition or execute code on vulnerable devices that implement an MQTT client in the context of the current process.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2.7.