In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
Debian Bug report logs -
#986701
mosquitto: CVE-2021-28166
Package:
src:mosquitto;
Maintainer for src:mosquitto is Roger A Light <roger@atchoo.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 9 Apr 2021 19:27:01 UTC
Severity: grave
Tags: security, upstream
Found in version mosquitto/2.0.9-1
A fuzzing framework targeted at MQTT brokers. Modeled as a finite state machine (using Markov Modeling).
FUME: Fuzzing MQTT Brokers
Table of Contents
Introduction
Get Started
Configuring your Fuzzing Session
Crash Triage
Bugs Discovered with FUME
Introduction
FUME is a fuzzing engine targeted directly at MQTT brokers. It uses both generation-guided and mutation-guided fuzzing techniques to craft fuzzy MQTT payloads to send to your target. It also leverages a response feedback m