CVE-2017-7653

Published: 05/06/2018 Updated: 20/06/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Summary

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.

Vendor Advisories

Several security issues were fixed in Mosquitto ...
Debian Bug report logs - #911265 mosquitto: CVE-2017-7654. Package: src:mosquitto; Maintainer for src:mosquitto is Roger A Light <roger@atchoo.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 17 Oct 2018 20:09:01 UTC; Severity: grave; Tags: patch, security, upstream; Found in version mosquitto/14 ...
Debian Bug report logs - #911266 mosquitto: CVE-2017-7653. Package: src:mosquitto; Maintainer for src:mosquitto is Roger A Light <roger@atchoo.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 17 Oct 2018 20:09:03 UTC; Severity: grave; Tags: patch, security, upstream; Found in version mosquitto/14 ...
It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors. For the stable distribution (stretch), these problems have been fixed in version 1.4.10-3+deb9u2. We recommend that you upgrade your mosquitto packages. For the detailed security status of mosquitto pleas ...

Mailing Lists

Debian Security Advisory DSA-4325-1, security () debian org, www.debian.org/security/, Sebastien Delafond, October 25, 2018, www.debian.org/security/faq ...

Github Repositories

Nix Issue Database Example. This repository is an example output of a tool that I have been tinkering with for some time now. This repository aims to provide the following properties without introducing the need for a "proper" database: The files and the output should be parsable using standard shell utilities. Tools that ease the usage and/or provide aggregated outputs