CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing
A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a compromised/malicious MQTT broker) to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incoming byte array. When parsing the Variable Header of a PUBLISH frame, the library reads the first two bytes to determine the topicLength. It then adds this length to …