Buffer Overflow Vulnerability in NanoMQ by NanoMQ Team
CVE-2024-31040

2.7LOW

Key Information:

Vendor: NanoMQ Team
Status: NanoMQ
Vendor: CVE Published:; 17 April 2024

🔔 Create NanoMQ Team Vulnerability Alert

What is CVE-2024-31040?

A buffer overflow vulnerability has been identified in the get_var_integer function located in mqtt_parser.c of NanoMQ version 0.21.7. This flaw allows remote attackers to exploit the system by sending specially crafted hexstreams, potentially leading to a denial of service. Organizations using the affected product should take immediate action to apply available security patches to mitigate the risk posed by this vulnerability.

References

https://github.com/nanomq/nanomq/issues/1720

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Mar 27, 2024

CVE-2024-31040 Data

JSON