The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: zephyr
Published: 2020-06-05T17:37:37.515923Z
Updated: 2024-09-17T04:19:36.893Z
Reserved: 2020-03-04T00:00:00
Link: CVE-2020-10071
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-05T18:15:13.087
Modified: 2020-06-12T14:28:45.177
Link: CVE-2020-10071
Redhat
No data.