Heap Buffer Overflow Vulnerability in NanoMQ by EMQX
CVE-2023-33658

7.5HIGH

Key Information:

Vendor: EMQx
Status: NanoMQ
Vendor: CVE Published:; 8 June 2023

Summary

A heap buffer overflow vulnerability has been identified in NanoMQ version 0.17.2. The flaw arises when the function nni_msg_get_pub_pid() is invoked, which may allow attackers to manipulate memory allocation. Successful exploitation could lead to denial of service, impacting the availability and reliability of applications using NanoMQ. Users are encouraged to review the official patches and updates to mitigate possible risks associated with this vulnerability.

References

https://github.com/emqx/nanomq

https://github.com/emqx/nanomq/issues/1153

https://github.com/nanomq/NanoNNG/commit/657e6c81c474bdee...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2023
Vulnerability Reserved
May 22, 2023