Memory Leak in Mosquitto Broker Affects Eclipse Products
CVE-2017-7654

7.5HIGH

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Mosquitto
Vendor
CVE Published:
5 June 2018

What is CVE-2017-7654?

A memory leak vulnerability in the Eclipse Mosquitto Broker allows unauthenticated clients to send specially crafted CONNECT packets. This can result in service disruption by exhausting available memory, leading to a denial-of-service situation. Users operating versions 1.4.15 and earlier are particularly affected, necessitating prompt attention to security updates to mitigate potential risks.

Affected Version(s)

Eclipse Mosquitto <= 1.4.15

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/09/msg0...
mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4325
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.