Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 664094 (CVE-2017-7654)

Summary: <app-misc/mosquitto-1.5: Broker DoS through a Memory Leak vulnerability
Product: Gentoo Security Reporter: Manuel Rüger (RETIRED) <mrueg>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: proxy-maint, ramage.lucas
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 656572, 664366, 668436    
Bug Blocks:    

Description Manuel Rüger (RETIRED) gentoo-dev 2018-08-20 08:32:38 UTC
A memory leak vulnerability was found within the Mosquitto Broker (src/read_handle_server.c file), which using crafted CONNECT messages a malicious user could carry out denial of service attacks.

Please version bump to 1.5.1
Comment 1 Rage <oxr463> 2018-08-23 16:00:19 UTC
I'll get right on this.
Comment 2 Virgil Dupras (RETIRED) gentoo-dev 2018-10-11 16:10:12 UTC
Lucas, if the package is OK for a fast-track security stabilization, please make this bug into a stablereq. Thanks.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 01:40:14 UTC
GLSA Vote: No

Thank you all for you work. 
Closing as [noglsa].