CVE-2018-11615
HIGHnpm mosca < 2.8.2 - Unauthenticated Denial of Service via Crafted Topic Regular Expression
Title source: llmDescription
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://zerodayinitiative.com/advisories/ZDI-18-583
Scores
CVSS v3
7.5
EPSS
0.0335
EPSS Percentile
87.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-185
CWE-20
Status
published
Products (2)
mosca_project/mosca
2.8.1
npm/mosca
0 - 2.8.2npm
Published
Aug 30, 2018
Tracked Since
Feb 18, 2026