CVE-2017-7653
Published 2018-06-05
Priority: P4 · 23 · medium · 5.3 (CVSS 3.0)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.45% (70.2th percentile)
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | mosquitto | < mosquitto 1.5.4-1 (bookworm) | mosquitto 1.5.4-1 (bookworm) |
| eclipse | mosquitto | <= 1.4.15 | — |
| eclipse | mosquitto | >= 0 < 1.5.4-1 | 1.5.4-1 |
| eclipse | mosquitto | >= 0 < 1.5.4-1 | 1.5.4-1 |
| eclipse | mosquitto | >= 0 < 1.5.4-1 | 1.5.4-1 |
| eclipse | mosquitto | >= 0 < 1.5.4-1 | 1.5.4-1 |
| the_eclipse_foundation | eclipse_mosquitto | unspecified – 1.4.15 | — |
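CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |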
Ubuntu
Mosquitto vulnerabilities
vendor_ubuntu·2019-06-20
CVE-2017-7653 Mosquitto vulnerabilities
Title: Mosquitto vulnerabilities
Summary: Several security issues were fixed in Mosquitto.
It was discovered that Mosquitto broker incorrectly handled certain specially
crafted input and network packets. A remote attacker could use this to cause a
denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2017-7653: mosquitto - The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that a...
vendor_debian·2017·CVSS 5.3
CVE-2017-7653 [MEDIUM] CVE-2017-7653: mosquitto - The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that a...
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
Scope: local
bookworm: resolved (fixed in 1.5.4-1)
bullseye: resolved (fixed in 1.5.4-1)
forky: resolved (fixed in 1.5.4-1)
sid: resolved (fixed in 1.5.4-1)
trixie: resolved (fixed in 1.5.4-1)
GHSA
GHSA-9xf7-gm92-xr5m: The Eclipse Mosquitto broker up to version 1
ghsa_unreviewed·2022-05-14
CVE-2017-7653 [MEDIUM] CWE-20 GHSA-9xf7-gm92-xr5m: The Eclipse Mosquitto broker up to version 1
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
OSV
CVE-2017-7653: The Eclipse Mosquitto broker up to version 1
osv·2018-06-05·CVSS 5.3
CVE-2017-7653 [MEDIUM] CVE-2017-7653: The Eclipse Mosquitto broker up to version 1
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect [fedora-all]
bugzilla·2018-06-08·CVSS 5.3
CVE-2017-7653 [MEDIUM] CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit messa
Bugzilla
CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect
bugzilla·2018-06-08·CVSS 5.3
CVE-2017-7653 [MEDIUM] CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
Upstream Bug:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
Discussion:
Created mosquitto tracking bugs for this issue:
Affects: epel-7 [bug 1588901]
Affects: fedora-all [bug 1588902]
Bugzilla
CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect [epel-7]
bugzilla·2018-06-08·CVSS 5.3
CVE-2017-7653 [MEDIUM] CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Di
arXiv
Towards Secure Wireless Mesh Networks for UAV Swarm Connectivity: Current Threats, Research, and Opportunities
arxiv_fulltext·2021-07-12
Martin Andreoni Lopez,
Michael Baddeley, Willian T. Lunardi, Anshul Pandey and Jean-Pierre Giacalone
Secure Systems Research Center (SSRC),
Technology Innovation Institute (TII)
Abu Dhabi, United Arab Emirates
{martin, michael, willian, anshul, jean-pierre}@ssrc.tii.ae
## Abstract
UAVs are increasingly appearing in swarms or formations to leverage cooperative behavior, forming flying ad hoc networks. These UAV-enabled networks can meet several complex mission requirements and are seen as a potential enabler for many of the emerging use-cases in future communication networks. Such networks, however, are characterized by a highly dynamic and mobile environment with no guarantee
http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf
https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html
https://usn.ubuntu.com/4023-1/
https://www.debian.org/security/2018/dsa-4325
2018-06-05
Published