The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2020-06-05T17:37:37.515923Z

Updated: 2024-09-17T04:19:36.893Z

Reserved: 2020-03-04T00:00:00

Link: CVE-2020-10071

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-06-05T18:15:13.087

Modified: 2020-06-12T14:28:45.177

Link: CVE-2020-10071

cve-icon Redhat

No data.