CVE-2019-17389

In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.

Published : 2019-10-09 17:15 Updated : 2019-10-16 16:48

7.8
CVSS Score More info
Score 7.8 / 10
7.8
Vendor Product Version URI
Riot-os Riot 2019.07 cpe:/o:riot-os:riot:2019.07:-
  1. Riot-os (1) Search CVE
    1. Riot (1) Search CVE
      1. 2019.07

CWE

ID Name Description Links
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. CVE

Reference

History of changes

Date Event
2019-10-16 16:48
2019-10-09 17:15

New CVE