Heap Buffer Overflow Vulnerability in NanoMQ Product Line
CVE-2024-31036

6.8 MEDIUM

Key Information:

Vendor: NanoMQ

Status
Vendor
CVE Published: 22 April 2024

What is CVE-2024-31036?

NanoMQ version 0.21.7 contains a heap buffer overflow in the read_byte function. An attacker who transmits specially crafted hexstreams can trigger the overflow and induce a denial of service condition in the affected software. Users of NanoMQ should follow security best practices and apply updates to mitigate this risk.

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
