Mosquitto is vulnerable to denial of service (DoS) attacks. The vulnerability can be exploited by unauthenticated clients and occurs because the broker does not limit memory usage when handling CONNECT packets. This allows multiple clients to cause a DoS through memory exhaustion.
bugs.eclipse.org/bugs/show_bug.cgi?id=529754
github.com/eclipse/mosquitto/commit/e6cbff0e94ca6e39cd54dd88142d263261a37cba
lists.debian.org/debian-lts-announce/2018/03/msg00037.html
lists.debian.org/debian-lts-announce/2018/06/msg00016.html
mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
www.debian.org/security/2018/dsa-4325
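
The general mitigation for the CONNECT handling described above is to bound the size a client may declare before it has authenticated, and to check that bound before any buffer is sized from it. The following is an added illustration, not Mosquitto's patch or code from the project; the function name, status codes and the 4096-byte cap are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define MQTT_CONNECT 0x10u            /* packet type 1, reserved flags 0 */
/* Assumed cap for packets from clients that have not authenticated yet. */
#define MAX_PREAUTH_REMAINING 4096u

enum hdr_status { HDR_OK = 0, HDR_NEED_MORE = 1, HDR_MALFORMED = -1,
                  HDR_NOT_CONNECT = -2, HDR_TOO_LARGE = -3 };

/* Decode the MQTT fixed header in buf and decide whether the packet body may
 * be buffered. On HDR_OK, *remaining holds the declared body size and
 * *hdr_len the number of header bytes consumed. */
enum hdr_status check_preauth_header(const uint8_t *buf, size_t len,
                                     uint32_t *remaining, size_t *hdr_len)
{
    uint32_t value = 0, multiplier = 1;
    size_t i;

    if (len < 1) return HDR_NEED_MORE;
    /* The first packet on a new connection must be CONNECT. */
    if (buf[0] != MQTT_CONNECT) return HDR_NOT_CONNECT;

    /* Remaining Length: 1 to 4 bytes, 7 value bits each, high bit set
     * means another length byte follows. */
    for (i = 1; i <= 4; i++) {
        if (i >= len) return HDR_NEED_MORE;
        value += (uint32_t)(buf[i] & 0x7Fu) * multiplier;
        if ((buf[i] & 0x80u) == 0) {
            /* Enforce the cap before any allocation is sized from it. */
            if (value > MAX_PREAUTH_REMAINING) return HDR_TOO_LARGE;
            *remaining = value;
            *hdr_len = i + 1;
            return HDR_OK;
        }
        multiplier *= 128u;
    }
    return HDR_MALFORMED;             /* a fifth length byte is not allowed */
}
```

A per-connection cap like this bounds what one unauthenticated client can make the broker hold; total exposure also depends on how many unauthenticated connections are allowed at once.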