Vulnerability: Denial of Service due to Configuration File Reload in Eclipse Mosquitto 1.4.14

Vulnerability: Denial of Service due to Configuration File Reload in Eclipse Mosquitto 1.4.14

CVE-2017-7652 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.