Heap Buffer Overflow Vulnerability in NanoMQ by EMQX
CVE-2023-34488

7.8HIGH

Key Information:

Vendor: EMQx
Status: NanoMQ
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-34488?

A heap buffer overflow vulnerability exists in NanoMQ version 0.17.5, specifically within the conn_handler function in mqtt_parser.c. This issue arises when the software processes malformed MQTT messages, potentially allowing an attacker to exploit this flaw for malicious purposes. Users are urged to review this vulnerability and implement necessary precautions.

References

https://github.com/emqx/nanomq/issues/1181

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 7, 2023

EMQx

What is CVE-2023-34488?

References

CVSS V3.1

Timeline