Skip to main content

Nanomq CVE-2024-31040

LOW
Classic Buffer Overflow (CWE-120)
2024-04-17 cve@mitre.org
2.7
CVSS 3.1 · Vendor: mitre

Severity by source

Vendor (mitre) PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 17, 2024 - 19:15 cve.org
LOW 2.7

DescriptionCVE.org

Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.

AnalysisAI

Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. Affected products include: Emqx Nanomq.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

More in Nanomq

View all
CVE-2023-34488 HIGH POC
7.8 Jun 12

NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes

CVE-2024-42646 HIGH POC
7.5 Jul 14

CVE-2024-42646 is a segmentation fault vulnerability in NanoMQ v0.21.10 that allows unauthenticated remote attackers to

CVE-2024-31041 HIGH POC
7.5 Apr 17

Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to c

CVE-2023-33657 HIGH POC
7.5 Jun 08

A use-after-free vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remotely e

CVE-2023-33660 HIGH POC
7.5 Jun 08

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2023-33658 HIGH POC
7.5 Jun 08

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2023-33659 HIGH POC
7.5 Jun 06

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2023-29996 HIGH POC
7.5 May 04

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and un

CVE-2023-29995 HIGH POC
7.5 May 04

In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c. Rated high severity (CVSS 7.5),

CVE-2023-29994 HIGH POC
7.5 May 04

In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. Rated high severity (CVSS 7.5), this vul

CVE-2024-31036 MEDIUM POC
6.8 Apr 22

A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of

CVE-2024-42649 MEDIUM POC
6.5 Jul 14

NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a

Share

CVE-2024-31040 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy