Candidate: CVE-2016-10523
PublicDate: 2018-05-31 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10523
 https://github.com/mcollina/mosca/issues/393
 https://github.com/mqttjs/mqtt-packet/pull/8
 https://nodesecurity.io/advisories/75
Description:
 MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT
 packets to crash the application, making a DoS attack feasible with very
 little bandwidth.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_node-mqtt-packet:
upstream_node-mqtt-packet: needs-triage
precise/esm_node-mqtt-packet: DNE
trusty_node-mqtt-packet: DNE
trusty/esm_node-mqtt-packet: DNE
xenial_node-mqtt-packet: DNE
artful_node-mqtt-packet: ignored (reached end-of-life)
bionic_node-mqtt-packet: not-affected (4.0.5-1)
cosmic_node-mqtt-packet: not-affected (4.0.5-1)
devel_node-mqtt-packet: not-affected (4.0.5-1)