Assertion Failure in FlashMQ Affects Publish Functionality
CVE-2024-42644

Currently unrated

Key Information:

Vendor: FlashMQ
Status: FlashMQ
Vendor: CVE Published:; 29 July 2025

What is CVE-2024-42644?

An assertion failure has been identified in FlashMQ version 1.14.0, specifically within the PublishCopyFactory::getNewPublish function. This issue occurs when the Quality of Service (QoS) value of the publish object exceeds zero, potentially disrupting normal publishing operations. Users of FlashMQ should be aware of this vulnerability and consider upgrading to the latest version to mitigate any associated risks.

References

https://github.com/halfgaar/FlashMQ

https://www.flashmq.org/2024/06/17/flashmq-1-15-1-released/

https://github.com/songxpu/bug_report/blob/master/MQTT/Fl...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Aug 5, 2024