Vulnerability Details CVE-2018-19417
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 90.4%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 10.0
References
Products affected by CVE-2018-19417
-
cpe:2.3:a:contiki-ng:contiki-ng:*