Null Dereference Vulnerability in Eclipse Mosquitto by Eclipse Foundation
CVE-2017-7655

7.5HIGH

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Mosquitto
Vendor: CVE Published:; 27 March 2019

What is CVE-2017-7655?

In versions ranging from 1.0 to 1.4.15 of the Mosquitto library, a null dereference vulnerability has been identified that may cause the application utilizing the library to experience crashes. This issue can affect the stability of applications relying on Mosquitto for message queuing, potentially leading to downtime or service interruptions. Users of affected versions are urged to apply security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Eclipse Mosquitto 1.0

Eclipse Mosquitto <= 1.4.15

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775

x_refsource_CONFIRM

https://lists.debian.org/debian-lts-announce/2019/10/msg0...

mailing-listx_refsource_MLIST

https://lists.debian.org/debian-lts-announce/2021/10/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2019
Vulnerability Reserved
Apr 11, 2017

The Eclipse Foundation

What is CVE-2017-7655?

Affected Version(s)

References

CVSS V3.1

Timeline