Hi maintainers,
I identified two potential security issues during fuzzing and code audit using our newly developed fuzzing tool (MBfuzzer), and would like to disclose full technical details privately.
- Packet parsing / frame assembly appears to trust a declared length too early and may allocate large buffers before sufficient validation or completion checks.
  - Potential impact: remote resource exhaustion / denial of service.
- Topic filter matching logic appears to have an unchecked boundary/path in wildcard handling.
  - Potential impact: out-of-bounds read (observed under AddressSanitizer), possible crash/DoS.
I have working repro cases and sanitizer output, but I’m intentionally not posting exploit details publicly.
Could you share a secure contact channel for responsible disclosure?
If you prefer, I can also submit through GitHub Security Advisory/private report flow.
Thanks.
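Added illustration (not the project's code, not the reporter's repro cases, and not tied to any particular implementation): the two bug classes named in the report, shown in C against an assumed MQTT-style wire format (one fixed-header byte followed by a variable-length "remaining length" prefix of up to four 7-bit bytes) and MQTT-style `+` / `#` topic wildcards. `trusting_alloc_size` computes what a parser that allocates as soon as the prefix is readable would hand to malloc; `checked_frame` caps the declared length and only reports a complete frame once every byte is buffered; `topic_matches` walks filter and topic with NUL-bounded pointer checks only. `MAX_PACKET_SIZE`, every function name and the `SAMPLE_*` byte strings are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-connection cap; a real broker would make this configurable. */
#define MAX_PACKET_SIZE (256u * 1024u)

enum frame_status { FRAME_NEED_MORE, FRAME_MALFORMED, FRAME_TOO_LARGE, FRAME_COMPLETE };

/* Decode a variable-length "remaining length" prefix (1-4 bytes, 7 data bits
 * each, high bit = continuation). Returns bytes consumed, 0 if the buffer does
 * not yet hold the whole prefix, -1 if a 5th continuation byte would be needed. */
int decode_remaining_length(const uint8_t *buf, size_t len, uint32_t *out)
{
    uint32_t value = 0, mult = 1;
    for (size_t i = 0; i < 4; i++) {
        if (i >= len) return 0;
        value += (uint32_t)(buf[i] & 0x7f) * mult;
        if ((buf[i] & 0x80) == 0) { *out = value; return (int)i + 1; }
        mult *= 128;
    }
    return -1;
}

/* The pattern the report describes: size a trusting parser would allocate as
 * soon as the prefix is readable, before any payload has arrived. Returned for
 * illustration only; nothing here allocates it. */
size_t trusting_alloc_size(const uint8_t *buf, size_t len)
{
    uint32_t declared;
    if (len < 2 || decode_remaining_length(buf + 1, len - 1, &declared) <= 0) return 0;
    return declared;                      /* attacker-chosen, up to 268,435,455 */
}

/* Hardened assembly: reject over-cap lengths before reserving anything and keep
 * buffering (without allocating) until the full frame is present. */
enum frame_status checked_frame(const uint8_t *buf, size_t len, size_t *frame_len)
{
    uint32_t declared;
    if (len < 2) return FRAME_NEED_MORE;  /* header byte + at least one length byte */
    int hdr = decode_remaining_length(buf + 1, len - 1, &declared);
    if (hdr < 0) return FRAME_MALFORMED;
    if (hdr == 0) return FRAME_NEED_MORE;
    size_t total = 1 + (size_t)hdr + declared;
    if (total > MAX_PACKET_SIZE) return FRAME_TOO_LARGE;  /* close connection, no malloc */
    if (len < total) return FRAME_NEED_MORE;
    *frame_len = total;
    return FRAME_COMPLETE;
}

/* Convenience wrapper: total frame length when complete, else 0. */
size_t complete_frame_len(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    return checked_frame(buf, len, &n) == FRAME_COMPLETE ? n : 0;
}

/* Bounds-safe wildcard match: '+' matches exactly one level, '#' matches the
 * rest and must be last ("a/#" also matches "a"). Every dereference stops at a
 * NUL, so no read can run past either string. The "$SYS" exclusion rule of
 * MQTT is omitted for brevity. */
bool topic_matches(const char *filter, const char *topic)
{
    while (*filter) {
        if (*filter == '#') return filter[1] == '\0';
        if (*filter == '/' && filter[1] == '#' && filter[2] == '\0' && *topic == '\0')
            return true;                  /* parent level matched by "/#" */
        if (*filter == '+') {
            while (*topic && *topic != '/') topic++;   /* consume one level */
            filter++;
            if (*filter == '\0') return *topic == '\0';
            if (*filter != '/' || *topic != '/') return false;  /* "a+b" is malformed */
            filter++; topic++;
            continue;
        }
        if (*filter != *topic) return false;  /* also catches topic ending early */
        filter++; topic++;
    }
    return *topic == '\0';
}

/* Constructed sample inputs for the example. */
static const uint8_t SAMPLE_HUGE[]    = {0x30, 0xFF, 0xFF, 0xFF, 0x7F};        /* declares 268,435,455 */
static const uint8_t SAMPLE_PARTIAL[] = {0x30, 0x05, 'a', 'b'};                 /* declares 5, has 2 */
static const uint8_t SAMPLE_FULL[]    = {0x30, 0x03, 'a', 'b', 'c'};            /* declares 3, has 3 */
static const uint8_t SAMPLE_BAD[]     = {0x30, 0x80, 0x80, 0x80, 0x80, 0x01};   /* 5 continuation bytes */

int main(void)
{
    printf("trusting would malloc %zu bytes; checked says %d\n",
           trusting_alloc_size(SAMPLE_HUGE, sizeof SAMPLE_HUGE),
           (int)checked_frame(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &(size_t){0}));
    printf("\"a/#\" vs \"a\": %d\n", topic_matches("a/#", "a"));
    return 0;
}
```

The ordering in `checked_frame` is the point: the cap check happens on the declared value alone, so a peer cannot make the server reserve memory by sending a 5-byte prefix and then stalling, and nothing is copied out of the receive buffer until `FRAME_COMPLETE`.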