All the vulnerabilities related to the version 1.0.3 of the package
Denial of Service in mqtt-packet
Versions of mqtt-packet prior to 3.4.6, or 4.x prior to 4.0.5 are affected by a denial of service vulnerability wherein specific sequences of MQTT packets can crash the application.
Version 3.x: Update to version 3.4.6 or later. Version 4.x: Update to version 4.0.5 or later.
Improper Input Validation and Buffer Over-read in mqtt-packet
A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.
Remote Memory Exposure in bl
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
