CVE-2017-7651

{"id": "CVE-2017-7651", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-04-24T14:29:00.437", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=529754", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/", "tags": ["Patch", "Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.debian.org/security/2018/dsa-4325", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol."}, {"lang": "es", "value": "En Eclipse Mosquitto 1.4.14, un usuario puede cerrar el servidor Mosquitto simplemente llenando la memoria RAM con muchas conexiones con una carga \u00fatil grande. Esto puede hacerse sin autenticaciones si ocurre en la fase de conexi\u00f3n del protocolo MQTT."}], "lastModified": "2019-10-09T23:29:48.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01C2095B-D7E4-46EE-89C0-0FC635DB4E05", "versionEndIncluding": "1.4.14"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}