DescriptionIn Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.SUSE Bugzilla entry: 1151494 [RESOLVED / FIXED] SUSE Security Advisories:
- openSUSE-SU-2019:2206-1, published Sat, 28 Sep 2019 18:11:22 +0200 (CEST)
- openSUSE-SU-2019:2247-1, published Fri, 4 Oct 2019 00:11:29 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 15.1|| ||Patchnames: