CVE-2017-7652

Summary

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Mosquitto1.4.14affected

Weaknesses

  • CWE-789: CWE-789: Uncontrolled Memory Allocation

ADP Enrichment

CVE Program Container

Additional References

References