{"containers": {"cna": {"affected": [{"product": "Eclipse Mosquitto", "vendor": "The Eclipse Foundation", "versions": [{"status": "affected", "version": "1.4.14"}]}], "datePublic": "2018-01-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "description": "CWE-789: Uncontrolled Memory Allocation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-26T09:57:01.000Z", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1334-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/"}, {"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1409-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html"}, {"name": "DSA-4325", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4325"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=529754"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2017-7651", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Mosquitto", "version": {"version_data": [{"version_value": "1.4.14"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-789: Uncontrolled Memory Allocation"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1334-1] mosquitto security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html"}, {"name": "https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/", "refsource": "CONFIRM", "url": "https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/"}, {"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1409-1] mosquitto security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html"}, {"name": "DSA-4325", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4325"}, {"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=529754", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=529754"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:12:27.908Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1334-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/"}, {"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1409-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html"}, {"name": "DSA-4325", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4325"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=529754"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2017-7651", "datePublished": "2018-04-24T14:00:00.000Z", "dateReserved": "2017-04-11T00:00:00.000Z", "dateUpdated": "2024-08-05T16:12:27.908Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "matchCriteriaId": "01C2095B-D7E4-46EE-89C0-0FC635DB4E05", "versionEndIncluding": "1.4.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol."}, {"lang": "es", "value": "En Eclipse Mosquitto 1.4.14, un usuario puede cerrar el servidor Mosquitto simplemente llenando la memoria RAM con muchas conexiones con una carga \u00fatil grande. Esto puede hacerse sin autenticaciones si ocurre en la fase de conexi\u00f3n del protocolo MQTT."}], "id": "CVE-2017-7651", "lastModified": "2024-11-21T03:32:22.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-24T14:29:00.437", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=529754"}, {"source": "emo@eclipse.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html"}, {"source": "emo@eclipse.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html"}, {"source": "emo@eclipse.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=529754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4325"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}