CVE-2019-11778

{"id": "CVE-2019-11778", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2019-09-18T23:15:10.987", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162", "tags": ["Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations."}, {"lang": "es", "value": "Si un cliente MQTT versi\u00f3n v5 se conecta a Eclipse Mosquitto versiones 1.6.0 hasta 1.6.4 incluy\u00e9ndola, establece un \u00faltimo deseo y testamento, establece un intervalo de retardo de deseo, establece un intervalo de vencimiento de sesi\u00f3n y el intervalo de retardo de deseo se establece por encima del intervalo de vencimiento de sesi\u00f3n, luego se presenta un error de uso de memoria previamente liberada, que tiene el potencial para causar un bloqueo en algunas situaciones."}], "lastModified": "2024-11-21T04:21:46.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE23104F-6AE2-4E5F-9657-1AF489A651B6", "versionEndExcluding": "1.6.5", "versionStartIncluding": "1.6"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}