Nanomq
Monthly
NanoMQ MQTT Broker versions 0.24.6 and earlier are vulnerable to an out-of-bounds read in the MQTT v5 Variable Byte Integer parser, which lacks proper bounds validation when processing 5-byte varints. Remote unauthenticated attackers can trigger a denial of service by sending malformed MQTT packets that crash the broker. No patch is currently available for this vulnerability.
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. [CVSS 5.3 MEDIUM]
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). [CVSS 6.5 MEDIUM]
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). [CVSS 4.9 MEDIUM]
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
CVE-2024-42646 is a segmentation fault vulnerability in NanoMQ v0.21.10 that allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted messages. This is a network-accessible DoS vulnerability with high availability impact (CVSS 7.5) that affects message broker deployments. The vulnerability requires no authentication or user interaction, making it easily exploitable in production environments.
NanoMQ MQTT Broker versions 0.24.6 and earlier are vulnerable to an out-of-bounds read in the MQTT v5 Variable Byte Integer parser, which lacks proper bounds validation when processing 5-byte varints. Remote unauthenticated attackers can trigger a denial of service by sending malformed MQTT packets that crash the broker. No patch is currently available for this vulnerability.
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. [CVSS 5.3 MEDIUM]
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). [CVSS 6.5 MEDIUM]
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). [CVSS 4.9 MEDIUM]
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
CVE-2024-42646 is a segmentation fault vulnerability in NanoMQ v0.21.10 that allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted messages. This is a network-accessible DoS vulnerability with high availability impact (CVSS 7.5) that affects message broker deployments. The vulnerability requires no authentication or user interaction, making it easily exploitable in production environments.