VDB
CVE-2018-12543
CVE-2018-12543
PUBLISHED
CVSS 7.5 HIGH
In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.
EPSS 2.46% · 85.5th percentile
Risk Scores
CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
2.46%
85.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| eclipse | mosquitto | 1.5.0 |
| The Eclipse Foundation | Eclipse Mosquitto | 1.5, * |
Timeline
- Nov 15, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 12, 2023 EPSS Score