CVE-2019-11778

CVE-2019-11778

Vendor The Eclipse Foundation
Product Eclipse Mosquitto
Weakness CWE-416
Published September 18, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

Key dates

02Disclosure timeline

September 18, 2019 CVE published
August 4, 2024 Record updated