DoS on aedes broker because of incorrect error handling
Vulnerability
DoS on aedes broker because of incorrect error handling
Vulnerability Description
A specifically crafted payload which has published header and message length as 0 is sent to the server which crashes the server because of the improper error handling in writeNumberCached while trying to create a packet for Publish Release which fails at stream.write() as the datatype is an undefined array with -1 number as it is the packet id of the packet.
CVE-ID
CVE-2020-13410
Vendor
moscaJS
Product
aedes MQTT broker
Fix
https://github.com/moscajs/aedes/pull/493
Disclosure Timeline
18 May 2020 reported to the vendor
22 May 2020 Issue was fixed.
Credit
Arun Magesh