Heap Use-After-Free Vulnerability in NanoMQ by EMQX
CVE-2023-34494

7.5HIGH

Key Information:

Vendor: EMQx
Status: NanoMQ
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-34494?

The NanoMQ product version 0.16.5 exhibits a heap-use-after-free vulnerability in the nano_ctx_send function found within nmq_mqtt.c. This flaw may allow an attacker to exploit the memory management error, potentially leading to unintended behavior, including arbitrary code execution or application crashes. Users are advised to review the implementation of the affected function to mitigate risks associated with memory handling.

References

https://github.com/emqx/nanomq/issues/1180

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 7, 2023

EMQx

What is CVE-2023-34494?

References

CVSS V3.1

Timeline