CVE-2018-11615

EPSS 3.3% · CWE-20
In short

A flaw in npm mosca 2.8.1 allows attackers to crash the message broker by sending a specially crafted topic with a malicious regular expression, causing the service to become unavailable without requiring authentication.

Technical detail

A CWE-20 input validation vulnerability in the topic processing mechanism of npm mosca 2.8.1 allows unauthenticated remote attackers to trigger a denial of service by submitting a crafted regular expression that causes an unhandled exception and a broker crash. The attack vector is network-based and requires no authentication.

Summary generated and translated by AI from the official description.
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.
Affected products
npm · npm mosca
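
One way to handle topics defensively against the class of flaw described above, added here as an example and not taken from mosca or its fix: the filter is validated as plain data and matched level by level, so no regular expression is ever compiled from client input and a malformed filter is refused instead of raising an unhandled exception. The function names and the MQTT 3.1.1 wildcard rules applied are assumptions; the page does not describe mosca's internal matching code.

```javascript
// Added example: hypothetical helpers, not mosca's code or its patch.
// Assumption: MQTT 3.1.1 wildcard rules ('+' = one level, '#' = trailing levels).
const MAX_TOPIC_BYTES = 65535; // MQTT UTF-8 string length limit

// Validate a subscription filter as plain data. Returns null if valid,
// otherwise a reason string. Never throws on string or non-string input.
function validateFilter(filter) {
  if (typeof filter !== 'string' || filter.length === 0) return 'empty or non-string filter';
  if (Buffer.byteLength(filter, 'utf8') > MAX_TOPIC_BYTES) return 'filter too long';
  if (filter.includes('\u0000')) return 'NUL character in filter';
  const levels = filter.split('/');
  for (let i = 0; i < levels.length; i++) {
    const level = levels[i];
    if (level === '#' && i !== levels.length - 1) return "'#' must be the last level";
    // Fixed literal pattern; nothing from the client is compiled into a RegExp.
    if (level.length > 1 && /[+#]/.test(level)) return 'wildcard mixed with other characters';
  }
  return null;
}

// Compare filter and topic level by level; regex metacharacters stay literal.
function topicMatches(filter, topic) {
  const f = filter.split('/');
  const t = topic.split('/');
  // Leading wildcards must not match '$'-prefixed topics such as $SYS.
  if (topic.startsWith('$') && (f[0] === '+' || f[0] === '#')) return false;
  for (let i = 0; i < f.length; i++) {
    if (f[i] === '#') return true;          // matches the parent and all children
    if (i >= t.length) return false;        // filter is longer than the topic
    if (f[i] !== '+' && f[i] !== t[i]) return false;
  }
  return f.length === t.length;
}

// Per-client entry point: a bad filter is refused, it never takes the broker down.
function handleSubscribe(filter) {
  try {
    const reason = validateFilter(filter);
    return reason ? { granted: false, reason } : { granted: true, reason: null };
  } catch (err) {
    return { granted: false, reason: 'internal error' };
  }
}
```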
