Candidate: CVE-2017-7655
PublicDate: 2019-03-27 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7655
 https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
 https://github.com/eclipse/mosquitto/commit/79a7b36d207c9142468a7ea33695a14181a9fd24
Description:
 In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference
 vulnerability was found in the Mosquitto library which could lead to
 crashes for those applications using the library.
Ubuntu-Description:
 It was discovered that Mosquitto incorrectly handled certain inputs. A remote
 attacker could possibly use this issue to cause a denial of service.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_mosquitto:
upstream_mosquitto: released (1.5.4-1)
precise/esm_mosquitto: DNE
trusty_mosquitto: not-affected (code not present)
trusty/esm_mosquitto: not-affected (code not present)
xenial_mosquitto: ignored (end of standard support, was needed)
bionic_mosquitto: needed
cosmic_mosquitto: ignored (reached end-of-life)
disco_mosquitto: not-affected (1.5.5-1.1)
eoan_mosquitto: not-affected (1.5.5-1.1)
focal_mosquitto: not-affected (1.5.5-1.1)
groovy_mosquitto: not-affected (1.5.5-1.1)
hirsute_mosquitto: not-affected (1.5.5-1.1)
impish_mosquitto: not-affected (1.5.5-1.1)
jammy_mosquitto: not-affected (1.5.5-1.1)
devel_mosquitto: not-affected (1.5.5-1.1)