Vulnerability	Vulnerable Version
H Buffer Over-read mqtt-packet is an Encoder and Decoder for MQTT. Affected versions of this package are vulnerable to Buffer Over-read. An attacker could trigger an out of range read on a buffer which throws a `RangeError`. `MQTT` Brokers using this module could be forced to crash by sending a specifically malformed `MQTT` Subscribe packet. How to fix Buffer Over-read? Upgrade `mqtt-packet` to version 3.5.1, 4.1.3, 5.6.1, 6.1.2 or higher.	<3.5.1>=4.0.0 <4.1.3>=5.0.0 <5.6.1>=6.0.0 <6.1.2
H Denial of Service (DoS) Insufficient validation of MQTT packets allows the attacker to crash the application using a specially crafted packet.	<3.4.6>4.0.0 <4.0.5

Buffer Over-read

mqtt-packet is an Encoder and Decoder for MQTT.

Affected versions of this package are vulnerable to Buffer Over-read. An attacker could trigger an out of range read on a buffer which throws a RangeError. MQTT Brokers using this module could be forced to crash by sending a specifically malformed MQTT Subscribe packet.

How to fix Buffer Over-read?

Upgrade mqtt-packet to version 3.5.1, 4.1.3, 5.6.1, 6.1.2 or higher.

<3.5.1>=4.0.0 <4.1.3>=5.0.0 <5.6.1>=6.0.0 <6.1.2

Denial of Service (DoS)

Insufficient validation of MQTT packets allows the attacker to crash the application using a specially crafted packet.

<3.4.6>4.0.0 <4.0.5

Go back to all versions of this package