Lucene search

K

Veracode Vulnerability DatabaseVERACODE:5878

HistoryMar 05, 2018 - 3:20 a.m.

Denial Of Service (DoS) Through Memory Exhaustion

2018-03-0503:20:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

EPSS

0.003

Percentile

68.9%

Mosquitto is vulnerable to denial of service (DoS) attacks. The vulnerability can be performed by unauthenticated clients and is caused when the brokers are unable to control limit memory usage when handling CONNECT packets. This allows multiple clients to cause a DoS through Memory Exhaustion.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=529754

github.com/eclipse/mosquitto/commit/e6cbff0e94ca6e39cd54dd88142d263261a37cba

lists.debian.org/debian-lts-announce/2018/03/msg00037.html

lists.debian.org/debian-lts-announce/2018/06/msg00016.html

mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/

www.debian.org/security/2018/dsa-4325

EPSS

0.003

Percentile

68.9%

Related for VERACODE:5878

cvelist1 alpinelinux1 prion1 nvd1 cve1 ubuntucve1 debiancve1 nessus6 debian4 openvas6 osv5 fedora4