PT-2018-8421 · Eclipse · Eclipse Mosquitto
Roger Light · Published 2018-04-25 · Updated 2019-10-09
CVE-2017-7652 · CVSS v3.1 7.5 (High)
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Eclipse Mosquitto version 1.4.14
Description
The issue occurs when a Mosquitto instance is running with a configuration file and a HUP signal is sent to the server, triggering a configuration reload from disk. If numerous clients are connected and have exhausted the available file descriptors/sockets (typically 1024 on Linux), no descriptor is free for the reload and the configuration file cannot be opened.
Recommendations
For Eclipse Mosquitto version 1.4.14, consider raising the file descriptor limit so that it is not exhausted when numerous clients are connected, or implement a reload mechanism that does not require an additional file descriptor. As a temporary workaround, restrict the number of clients that can connect to the server so that file descriptors are not exhausted when the configuration is reloaded.
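The following C program is an added illustration of the failure mode, not code from the advisory or from Mosquitto itself: a hypothetical reload routine reads one option from a config file while the process's descriptor table is deliberately filled, so fopen fails with EMFILE; because the routine only commits new values after a complete read, the running configuration survives the failed reload. The struct name, option name and /tmp path are assumptions made for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical single-option configuration standing in for mosquitto.conf. */
struct config { int max_connections; };

/* Parse "max_connections N" from path. On failure (e.g. EMFILE when the process
 * has no descriptor left for fopen) return -1 and leave *cfg untouched. */
int load_config(const char *path, struct config *cfg) {
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    struct config tmp = *cfg;
    char line[128];
    int v;
    while (fgets(line, sizeof line, fp))
        if (sscanf(line, "max_connections %d", &v) == 1) tmp.max_connections = v;
    fclose(fp);
    *cfg = tmp;   /* commit only after a complete, successful read */
    return 0;
}

/* Simulates the HUP reload path under descriptor exhaustion. Returns 1 if the
 * reload failed with EMFILE but the old value was kept, 0 otherwise, -1 on setup error. */
int demo_reload_under_fd_exhaustion(void) {
    char path[] = "/tmp/cfg_demo_XXXXXX";             /* constructed sample config file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, "max_connections 10\n", 19) != 19) { close(fd); unlink(path); return -1; }
    close(fd);
    struct config cfg = { .max_connections = 0 };
    if (load_config(path, &cfg) != 0) { unlink(path); return -1; }
    struct rlimit old, low;
    getrlimit(RLIMIT_NOFILE, &old);
    low = old; low.rlim_cur = 16;                     /* lower the soft limit: no privilege needed */
    setrlimit(RLIMIT_NOFILE, &low);
    int held[16], n = 0;
    while (n < 16 && (held[n] = open("/dev/null", O_RDONLY)) >= 0) n++;  /* fill the table */
    int rc = load_config(path, &cfg);                 /* the "reload": expected to fail */
    int kept = (rc == -1 && errno == EMFILE && cfg.max_connections == 10);
    while (n > 0) close(held[--n]);                   /* release descriptors, restore limit */
    setrlimit(RLIMIT_NOFILE, &old);
    unlink(path);
    return kept;
}
```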
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Eclipse Mosquitto