Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2017-7652

Published: August 31, 2023Last modified: August 31, 2023

Description

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.

Severity score breakdown

ParameterValue
Base score7.5
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSmosquittoNot affected (2.0.15-r1)
StreammosquittoNot affected (2.0.17-r0)

References

ON THIS PAGE