Forged packets (without PKI) over MQTT can show up in direct messages

Moderate

thebentern published GHSA-c967-qc39-3hf5

Feb 15, 2025

Package

No package listed

Affected versions

>= 2.5.0 <= 2.5.18

Patched versions

2.5.19

Description

Crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC.