UDP Socket Read Error in RIOT 2019.07 MQTT-SN Implementation

UDP Socket Read Error in RIOT 2019.07 MQTT-SN Implementation

CVE-2019-17389 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.

Learn more about our Iot Penetration Testing.