The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Mosquitto: NULL pointer dereference

Synthesis of the vulnerability 

An attacker can force a NULL pointer to be dereferenced of Mosquitto, in order to trigger a denial of service.
Vulnerable software: Debian.
Severity of this announce: 2/4.
Creation date: 28/10/2019.
Références of this computer vulnerability: CVE-2017-7655, DLA-1972-1, VIGILANCE-VUL-30721.

Description of the vulnerability 

An attacker can force a NULL pointer to be dereferenced of Mosquitto, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat note impacts software or systems such as Debian.

Our Vigil@nce team determined that the severity of this cybersecurity note is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this vulnerability note.

Solutions for this threat 

Debian 8: new mosquitto packages.
New packages are available:
  Debian 8: mosquitto 1.3.4-2+deb8u4
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability database. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.