Security Advisory

CVE-2019-13120

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-07 21:57:48

Last updated 2024-08-04 23:41:10

Assigner mitre

State PUBLISHED

Description

Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability.

← Browse all CVEs View on cve.org ↗