Home > Vulnerability Database > CVE-2018-17614

Mend.io Vulnerability Database

CVE-2018-17614

Good to know:

Date: November 13, 2018

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6436.

Language: C++

Severity Score

5.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-17614

Url: https://zerodayinitiative.com/advisories/ZDI-18-1337

Url: https://github.com/knolleary/pubsubclient/releases/tag/v2.7

Url: https://www.mend.io/vulnerability-database/CVE-2018-17614

Severity Score

5.1

Weakness Type (CWE)

Buffer Errors

CWE-119

Stack-based Buffer Overflow

CWE-121

Top Fix

Upgrade Version

Upgrade to version v2.7

Learn More

CVSS v3

Base Score:	5.1
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	7.5
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-17614

Good to know:

Date: November 13, 2018

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?