Vulnerability Description
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cesanta | Mongoose | 6.13 |
Related Weaknesses (CWE)
References
- https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/CesantaExploitThird Party Advisory
- https://twitter.com/thracky/status/1059472674940993541Third Party Advisory
- https://github.com/TiffanyBlue/PoCbyMyself/blob/master/mongoose6.13/mqtt/CesantaExploitThird Party Advisory
- https://twitter.com/thracky/status/1059472674940993541Third Party Advisory
FAQ
What is CVE-2018-18765?
CVE-2018-18765 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A spec...
How severe is CVE-2018-18765?
CVE-2018-18765 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-18765?
Check the references section above for vendor advisories and patch information. Affected products include: Cesanta Mongoose.