In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter payloads. Each request causes memory to be allocated for the malformed topic filter, but the broker does not free the associated memory, leading to unbounded heap growth and potential denial of service under sustained attack.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
| Link | Providers |
|---|---|
| https://github.com/JustDoIt0910/tinyMQTT/issues/19 |
|
History
Tue, 20 Jan 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter payloads. Each request causes memory to be allocated for the malformed topic filter, but the broker does not free the associated memory, leading to unbounded heap growth and potential denial of service under sustained attack. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-01-20T15:40:10.708Z
Reserved: 2025-08-16T00:00:00.000Z
Link: CVE-2025-56353
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-01-20T16:16:05.700
Modified: 2026-01-20T16:16:05.700
Link: CVE-2025-56353
Redhat
No data.
OpenCVE Enrichment
No data.