CVE-2017-7654

HIGH

Eclipse Mosquitto <1.4.15 - DoS

Title source: llm

Description

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.

References (4)

[Issue Tracking, Patch, Third Party Advisory] https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4325

[Vendor Advisory] https://usn.ubuntu.com/4023-1/

Scores

CVSS v3 7.5

EPSS 0.0145

EPSS Percentile 80.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-772 CWE-401

Status published

Products (3)

debian/debian_linux 8.0

debian/debian_linux 9.0

eclipse/mosquitto < 1.4.15

Published Jun 05, 2018

Tracked Since Feb 18, 2026