CVE-2019-11779 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
eclipse	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
eclipse	mosquitto	1.5 ≤ 𝑥 < 1.5.9
eclipse	mosquitto	1.6 ≤ 𝑥 < 1.6.6
canonical	ubuntu_linux	19.04
opensuse	backports_sle	15.0:sp1
opensuse	leap	15.1
debian	debian_linux	8.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

mosquitto

bullseye (security)	2.0.11-1+deb11u1 fixed
bullseye	2.0.11-1+deb11u1 fixed
stretch	not-affected
bookworm	2.0.11-1.2+deb12u1 fixed
bookworm (security)	2.0.11-1.2+deb12u1 fixed
sid	2.0.20-1 fixed
trixie	2.0.20-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

mosquitto

disco	Fixed 1.5.7-1ubuntu0.1 released
bionic	not-affected
xenial	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-754 - Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html

https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160

https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/

https://seclists.org/bugtraq/2019/Nov/25

https://usn.ubuntu.com/4137-1/

https://www.debian.org/security/2019/dsa-4570

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html

https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160

https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWNVTFA2CKXERXRYPYE2YFTZP4GNBGYY/

https://seclists.org/bugtraq/2019/Nov/25

https://usn.ubuntu.com/4137-1/

https://www.debian.org/security/2019/dsa-4570