{ "schema_version": "1.4.0", "id": "GHSA-wv67-9jq7-8r69", "modified": "2021-08-03T21:47:43Z", "published": "2019-05-14T04:02:45Z", "aliases": [ "CVE-2019-5432" ], "summary": "Improper Input Validation and Buffer Over-read in mqtt-packet", "details": "A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "npm", "name": "mqtt-packet" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.5.1" } ] } ] }, { "package": { "ecosystem": "npm", "name": "mqtt-packet" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "4.0.0" }, { "fixed": "4.1.3" } ] } ] }, { "package": { "ecosystem": "npm", "name": "mqtt-packet" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "5.0.0" }, { "fixed": "5.6.1" } ] } ] }, { "package": { "ecosystem": "npm", "name": "mqtt-packet" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "6.0.0" }, { "fixed": "6.1.2" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5432" }, { "type": "WEB", "url": "https://hackerone.com/reports/541354" } ], "database_specific": { "cwe_ids": [ "CWE-125", "CWE-126" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2019-05-10T04:24:12Z", "nvd_published_at": "2019-05-06T17:29:00Z" } }