CVE-2017-7652
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.
En Eclipse Mosquitto, si se establece una instancia de Mosquitto ejecutándose con un archivo de configuración, el envío de una señal HUP al servidor provoca que la configuración se recargue desde el disco. Si hay muchos clientes conectados de tal forma que ya no queden más descriptores de archivos/sockets disponibles (el límite normal por defecto suele ser de 1024 descriptores de archivos en Linux), no se podrá abrir el archivo de configuración.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-11 CVE Reserved
- 2018-04-25 CVE Published
- 2023-10-26 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-789: Memory Allocation with Excessive Size Value
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://bugs.eclipse.org/bugs/show_bug.cgi?id=530102 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652 | 2019-10-09 |
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2018/dsa-4325 | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Eclipse Search vendor "Eclipse" | Mosquitto Search vendor "Eclipse" for product "Mosquitto" | >= 1.0 <= 1.4.14 Search vendor "Eclipse" for product "Mosquitto" and version " >= 1.0 <= 1.4.14" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|