CVE-2017-7651

Summary

In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Mosquitto1.4.14affected

Weaknesses

  • CWE-789: CWE-789: Uncontrolled Memory Allocation

ADP Enrichment

CVE Program Container

Additional References

References