FlashMQ Assertion Failure Vulnerability in Retained Messages Leading to Denial-of-Service
Vulnerability
A vulnerability in FlashMQ version 1.14.0 allows remote attackers to cause an assertion failure by sending a crafted retained message. This issue arises when the message includes a non-zero topic alias, disrupting the broker's process of saving session and subscription states. The result is a crash of the MQTT broker, creating a denial-of-service condition.
Impact
Exploitation of this vulnerability causes the FlashMQ MQTT broker to crash, leading to a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by connecting to the FlashMQ broker and publishing a retained message with a non-zero topic alias. Following this, a subscription can be made to the same topic with a persistent session. After a short delay, the broker will crash when it attempts to save the session state, which triggers the assertion failure.
Remediation
Users are advised to upgrade to FlashMQ version 1.15.1 or later, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.