cve/2017/CVE-2017-7654.md

### [CVE-2017-7654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7654)
![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20Mosquitto&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%201.4.15%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-401%3A%20Improper%20Release%20of%20Memory%20Before%20Removing%20Last%20Reference&color=brighgreen)

### Description

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/andir/nixos-issue-db-example