Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Fedora 43: mqttcli Critical Integer Overflow Update 2025-89758d1b13

fedora
Calendar Grey December 20, 2025
Dist Fedora Esm H88
Update mqttcli on Fedora 43 fixes critical integer overflow threats in the software, ensuring better reliability.
Update to 0.2.8

Summary

mqttcli provides two programs (pub and sub) that allow command-line access to an

MQTT broker.

sub subscribes to a topic and prints messages received to standard output.

pub publishes the provided message to the provided topic. Both programs

accept flags that can be provided as a config file.

Update Information:

Update to 0.2.8

Topics%20covered

Topics Covered

security advisory fedora critical network protocol integer overflow mqttcli

Change Log

* Wed Dec 17 2025 Link Dupont - 0.2.8-1 - Update to 0.2.8 (RHBZ#2423020, RHBZ#2423010, RHBZ#2411647, RHBZ#2410751, RHBZ#2409801, RHBZ#2408328) * Wed Dec 17 2025 Link Dupont - 0.2.7-1 - Update to 0.2.7 * Fri Oct 10 2025 Alejandro Sez - 0.2.5-9 - rebuild

References


[ 1 ] Bug #2408328 - CVE-2025-58189 mqttcli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408328 [ 2 ] Bug #2409801 - CVE-2025-61723 mqttcli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409801 [ 3 ] Bug #2410751 - CVE-2025-58185 mqttcli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410751 [ 4 ] Bug #2411647 - CVE-2025-58188 mqttcli: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411647 [ 5 ] Bug #2423010 - CVE-2025-10543 mqttcli: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2423010 [ 6 ] Bug #2423020 - CVE-2025-10543 mqttcli: paho.mqtt.g...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-89758d1b13' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mqttcli
Product: Fedora 43
Version: 0.2.8
Release: 1.fc43
URL: https://github.com/subpop/mqttcli
Summary: A simple MQTT command-line client

Topics%20covered

Topics Covered

security advisory fedora critical network protocol integer overflow mqttcli

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here