CVE-2018-12543 is a vulnerability in Eclipse Mosquitto
Published on November 15, 2018
In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.
Weakness Type
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2018-12543 has been classified to as an assertion failure vulnerability or weakness.
Products Associated with CVE-2018-12543
Want to know whenever a new CVE is published for Eclipse Mosquitto? stack.watch will email you.
Affected Versions
The Eclipse Foundation Eclipse Mosquitto:- Version 1.5 and below unspecified is affected.
- Version unspecified, <= 1.5.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.