CVE-2018-11615

HIGH

npm mosca < 2.8.2 - Unauthenticated Denial of Service via Crafted Topic Regular Expression

Title source: llm
STIX 2.1

Description

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://zerodayinitiative.com/advisories/ZDI-18-583

Scores

CVSS v3 7.5
EPSS 0.0335
EPSS Percentile 87.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-185 CWE-20
Status published
Products (2)
mosca_project/mosca 2.8.1
npm/mosca 0 - 2.8.2npm
Published Aug 30, 2018
Tracked Since Feb 18, 2026