PT-2018-8423 · Eclipse+2 · Eclipse Mosquitto+2

Daniel Romero

Published

2018-06-05

Updated

2019-10-03

CVE-2017-7654

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Eclipse Mosquitto versions 1.4.15 and earlier

Description A Memory Leak issue was discovered in the Mosquitto Broker, allowing unauthenticated clients to send crafted CONNECT packets that could cause a denial of service.

Recommendations For Eclipse Mosquitto versions 1.4.15 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

Missing Release of Resource after Effective Lifetime

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772CWE-401

Related Identifiers

ALT-PU-2018-2291

CVE-2017-7654

DLA-1525-1

DSA-4325-1

USN-4023-1

Affected Products

Alt Linux

Eclipse Mosquitto

Ubuntu

PT-2018-8423 · Eclipse+2 · Eclipse Mosquitto+2

CVE-2017-7654

Weakness Enumeration

Related Identifiers

Affected Products

References · 29