CVE-2019-11778

Published: 9/18/2019 Last updated: 8/4/2024 Reserved: 5/6/2019

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

CNA assigner: eclipse (e51fbebd-6053-4e49-959f-1b94eeb69a2c) Requested by: n/a

Opam packages affected (1)

conf-libmosquitto

Products affected (1)

Product	Vendor	Version
Eclipse Mosquitto	The Eclipse Foundation	1.3.3

References (2)

https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162
https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162