Unauthenticated malicious clients can cause OOM in mosquitto
Bug #1752125 reported by Roger Light
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mosquitto (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Unauthenticated MQTT clients can send a crafted CONNECT packet to the Mosquitto broker which causes large amounts of memory to be allocated. If many clients do this at the same time, an OOM situation occurs and the broker is killed by the kernel.
This affects all versions of mosquitto up to and including 1.4.14. It is fixed in mosquitto 1.4.15.
This has been registered as CVE-2017-7651.
Patches for current versions of mosquitto will be available at https:/
information type: Private Security → Public Security