|Date: (C)2017-11-08 (M)2017-11-16|
|CVSS Score: 6.8||Access Vector: |
|Exploitability Subscore: ||Access Complexity: |
|Impact Subscore: ||Authentication: |
| ||Confidentiality: |
| ||Integrity: |
| ||Availability: |
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.