CVE-2017-7653

2018-06-05T20:29:00
ID CVE-2017-7653
Type cve
Reporter security@eclipse.org
Modified 2019-06-20T19:15:00

Description

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.