CVE-2020-13410

HIGH

MoscaJS Aedes <0.42.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.

References (3)

Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/moscajs/aedes/pull/493
Exploit, Third Party Advisory x_refsource_misc
https://payatu.com/advisory/dos-in-aedes-mqtt-broker
Technical Description x_refsource_misc
https://cwe.mitre.org/data/definitions/248.html

Scores

CVSS v3 7.5
EPSS 0.0225
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-755
Status published
Products (2)
aedes_project/aedes 0.42.0
npm/aedes 0 - 0.42.1npm
Published Aug 26, 2020
Tracked Since Feb 18, 2026