Vulnerability Details CVE-2017-2893
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.053
EPSS Ranking 89.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References