CVE-2017-7653

EPSS 0.93%
Veröffentlicht 05.06.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:32:23
Quelle emo@eclipse.org
Teams Watchlist Login
Unerledigt Login

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eclipse ≫ Mosquitto Version <= 1.4.15

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.93%	0.754

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2018/dsa-4325

Third Party Advisory

http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf

Third Party Advisory

https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113

Third Party Advisory

Issue Tracking

https://usn.ubuntu.com/4023-1/

https://nvd.nist.gov/vuln/detail/CVE-2017-7653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7653

EUVD