SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Eclipse Mosquitto MQTT SUBSCRIBE request topic parsing buffer overflow attempt
This event is generated when an attacker attempts to exploit a buffer overflow vulnerability in Eclipse Mosquitto.
Attempted User Privilege Gain
This rule checks for attempts to exploit a buffer overflow vulnerability in Eclipse Mosquitto's handling of MQTT SUBSCRIBE packets.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2019-11779: In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
Ease of Access: LOW
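
The condition in the CVE description can also be checked directly on a captured packet. The following is an added example, not the Snort rule itself and not Talos or Mosquitto code: it parses an MQTT SUBSCRIBE packet and reports topic filters whose '/' count reaches the quoted figure. The function names, the MQTT 3.1.1 framing (no v5 properties field) and the sample packets are assumptions constructed for illustration.

```python
import struct

SEPARATOR_LIMIT = 65400  # figure quoted in the CVE-2019-11779 description

def remaining_length(buf, pos):
    """Decode MQTT's variable-length 'remaining length' starting at pos."""
    value = 0
    for shift in (0, 7, 14, 21):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("malformed remaining length")

def deep_subscribe_topics(packet, limit=SEPARATOR_LIMIT):
    """Return (topic_length, separator_count) for each topic filter in an
    MQTT 3.1.1 SUBSCRIBE packet that holds at least `limit` '/' bytes."""
    if not packet or packet[0] >> 4 != 8:   # control packet type 8 = SUBSCRIBE
        return []
    length, pos = remaining_length(packet, 1)
    end = pos + length
    if end > len(packet):
        raise ValueError("truncated packet")
    pos += 2                                # skip the packet identifier
    hits = []
    while pos + 2 <= end:
        (tlen,) = struct.unpack_from(">H", packet, pos)
        pos += 2
        if pos + tlen + 1 > end:            # topic bytes plus requested-QoS byte
            raise ValueError("topic filter overruns packet")
        seps = packet[pos:pos + tlen].count(b"/")
        if seps >= limit:
            hits.append((tlen, seps))
        pos += tlen + 1
    return hits

# Constructed sample packets (not captured traffic), checked with a lowered limit.
NORMAL = bytes.fromhex("820800010003612f6200")              # topic "a/b"
DEEP = bytes.fromhex("82110002000c") + b"/" * 12 + b"\x00"  # 12 separators

if __name__ == "__main__":
    print(deep_subscribe_topics(NORMAL, limit=8))  # []
    print(deep_subscribe_topics(DEEP, limit=8))    # [(12, 12)]
```

Because the topic length field is two bytes, a single topic filter can hold at most 65535 bytes, so the quoted separator count sits close to the protocol's upper bound for one filter.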