CVE-2018-12543

CVE-2018-12543

Vendor The Eclipse Foundation
Product Eclipse Mosquitto
Weakness CWE-617
Published November 15, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.

Key dates

02Disclosure timeline

November 15, 2018 CVE published
August 5, 2024 Record updated