Denial of Service Vulnerability in FlashMQ by Halfgaar
CVE-2024-42645

Currently unrated

Key Information:

Vendor: Halfgaar
Status: FlashMQ
Vendor: CVE Published:; 29 July 2025

What is CVE-2024-42645?

An issue has been identified in FlashMQ version 1.14.0 that enables attackers to trigger an assertion failure when a specially crafted retain message is sent. This can lead to a Denial of Service (DoS), adversely affecting the system's performance and availability. Users of FlashMQ are advised to upgrade to version 1.15.1 or later to mitigate this vulnerability.

References

https://github.com/halfgaar/FlashMQ

https://www.flashmq.org/2024/06/17/flashmq-1-15-1-released/

https://github.com/songxpu/bug_report/blob/master/MQTT/Fl...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Aug 5, 2024