Heap Buffer Overflow Vulnerability in NanoMQ by EMQX
CVE-2023-34488

7.8HIGH

Key Information:

Vendor: EMQx
Status: NanoMQ
Vendor: CVE Published:; 12 June 2023

Summary

A heap buffer overflow vulnerability exists in NanoMQ version 0.17.5, specifically within the conn_handler function in mqtt_parser.c. This issue arises when the software processes malformed MQTT messages, potentially allowing an attacker to exploit this flaw for malicious purposes. Users are urged to review this vulnerability and implement necessary precautions.

References

https://github.com/emqx/nanomq/issues/1181

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 7, 2023