Bug 2418268 (CVE-2025-10543) - CVE-2025-10543 paho.mqtt.golang: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding
Keywords:
Status: NEW
Alias: CVE-2025-10543
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2422996 2422997 2422998 2422999 2423000 2423002 2423003 2423004 2423006 2423008 2423009 2423011 2423013 2423015 2423017 2423018 2423021 2423001 2423005 2423007 2423010 2423012 2423014 2423016 2423020 2423022
Blocks:
Reported: 2025-12-02 09:01 UTC by OSIDB Bzimport
Modified: 2026-01-05 10:03 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-12-02 09:01:16 UTC
In the Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang), versions <=1.5.0, UTF-8 encoded strings passed into the library may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet).


The issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes, the amount of data written exceeded what the length field indicated. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body).
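The following Go program is an added illustration of the defect class described above and of the check that closes it; it is not code from paho.mqtt.golang. It assumes the MQTT 3.1.1 string encoding (2-byte big-endian length prefix followed by the bytes) and the QoS 0 PUBLISH layout in which the topic string is immediately followed by the payload; the function and error names are this example's own. The "unchecked" encoder narrows the length to 16 bits silently, so a receiver parsing the packet reads a short topic and treats the remaining topic bytes as payload; the "checked" encoder returns an error instead of narrowing.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// MQTT 3.1.1 encodes every UTF-8 string as a 2-byte big-endian length
// followed by that many bytes, so 65535 bytes is the largest encodable string.
const maxMQTTStringLen = 65535

// ErrStringTooLong is returned by the checked encoder (name is this example's own).
var ErrStringTooLong = errors.New("mqtt: UTF-8 string exceeds 65535 bytes")

// encodeStringUnchecked reproduces the defect class described in the report:
// len(s) is narrowed to 16 bits without a range check, so for inputs longer
// than 65535 bytes the prefix wraps around and no longer matches the number
// of bytes that follow. Illustrative only, not the library's own code.
func encodeStringUnchecked(s string) []byte {
	buf := make([]byte, 2, 2+len(s))
	binary.BigEndian.PutUint16(buf, uint16(len(s))) // silent truncation on overflow
	return append(buf, s...)
}

// encodeStringChecked refuses anything that cannot be represented in the
// 16-bit length field instead of narrowing it.
func encodeStringChecked(s string) ([]byte, error) {
	if len(s) > maxMQTTStringLen {
		return nil, ErrStringTooLong
	}
	buf := make([]byte, 2, 2+len(s))
	binary.BigEndian.PutUint16(buf, uint16(len(s)))
	return append(buf, s...), nil
}

// buildPublishBodyUnchecked assembles a QoS 0 PUBLISH variable header plus
// payload (topic string, then raw payload) using the unchecked encoder.
func buildPublishBodyUnchecked(topic string, payload []byte) []byte {
	return append(encodeStringUnchecked(topic), payload...)
}

// buildPublishBodyChecked does the same with the range-checked encoder.
func buildPublishBodyChecked(topic string, payload []byte) ([]byte, error) {
	enc, err := encodeStringChecked(topic)
	if err != nil {
		return nil, err
	}
	return append(enc, payload...), nil
}

// parsePublishBody reads the body the way a receiver does: trust the length
// prefix for the topic and treat everything after it as the payload.
func parsePublishBody(body []byte) (topic string, payload []byte, err error) {
	if len(body) < 2 {
		return "", nil, errors.New("mqtt: body too short for length prefix")
	}
	n := int(binary.BigEndian.Uint16(body))
	if len(body) < 2+n {
		return "", nil, errors.New("mqtt: length prefix exceeds body")
	}
	return string(body[2 : 2+n]), body[2+n:], nil
}

func main() {
	// Constructed input: a topic 4 bytes past the 16-bit limit.
	topic := strings.Repeat("t", 65536+4)
	payload := []byte("hello")

	gotTopic, gotPayload, _ := parsePublishBody(buildPublishBodyUnchecked(topic, payload))
	// The receiver sees a 4-byte topic; the other 65536 topic bytes land in the payload.
	fmt.Printf("unchecked: receiver sees topic of %d bytes, payload of %d bytes\n",
		len(gotTopic), len(gotPayload))

	if _, err := buildPublishBodyChecked(topic, payload); err != nil {
		fmt.Println("checked:  ", err)
	}
}
```

The length compared against the limit is the byte length, not the rune count, because the prefix counts bytes of the UTF-8 encoding; a string of multi-byte characters can cross 65535 bytes well below 65535 characters.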

