PT-2018-8422 · Eclipse+2 · Eclipse Mosquitto+2

Ian Craggs

Publicado

2018-06-05

Atualizado

2019-06-20

CVE-2017-7653

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Eclipse Mosquitto versions prior to 1.4.15

Description The issue allows a malicious client to cause a denial of service for other clients by sending a topic string that is not valid UTF-8, causing them to disconnect from the broker.

Recommendations For Eclipse Mosquitto versions prior to 1.4.15, update to version 1.4.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the broker to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2018-2291

CVE-2017-7653

DLA-1525-1

DSA-4325-1

USN-4023-1

Produtos afetados

Alt Linux

Eclipse Mosquitto

Ubuntu

PT-2018-8422 · Eclipse+2 · Eclipse Mosquitto+2

CVE-2017-7653

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30