Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 664094 (CVE-2017-7654) - <app-misc/mosquitto-1.5: Broker DoS through a Memory Leak vulnerability
Summary: <app-misc/mosquitto-1.5: Broker DoS through a Memory Leak vulnerability
Alias: CVE-2017-7654
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: 656572 664366 CVE-2018-12543
  Show dependency tree
Reported: 2018-08-20 08:32 UTC by Manuel Rüger (RETIRED)
Modified: 2019-03-10 01:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Manuel Rüger (RETIRED) gentoo-dev 2018-08-20 08:32:38 UTC
A memory leak vulnerability was found within the Mosquitto Broker (src/read_handle_server.c file), which using crafted CONNECT messages a malicious user could carry out denial of service attacks.

Please version bump to 1.5.1
Comment 1 Rage <oxr463> 2018-08-23 16:00:19 UTC
I'll get right on this.
Comment 2 Virgil Dupras (RETIRED) gentoo-dev 2018-10-11 16:10:12 UTC
Lucas, if the package is OK for a fast-track security stabilization, please make this bug into a stablereq. Thanks.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 01:40:14 UTC
GLSA Vote: No

Thank you all for you work. 
Closing as [noglsa].