Vulnerability: Assertion Triggered by Invalid Topic in Eclipse Mosquitto


CVE-2018-12543 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, publishing a message to Mosquitto with a topic that starts with $ but is not $SYS (e.g. $test/test) triggers an assert that should otherwise not be reachable, and Mosquitto exits.
