VYPR
Unrated severityNVD Advisory· Published Sep 24, 2019· Updated Aug 5, 2024

CVE-2019-16754

CVE-2019-16754

Description

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • RIOT/RIOTdescription
  • Riot OS/Riotllm-fuzzy
    Range: = 2019.07

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.