Denial of Service Vulnerability in NanoMQ by EMQX
CVE-2024-42650

7.5HIGH

Key Information:

Vendor: EMQX
Status: NanoMQ
Vendor: CVE Published:; 15 July 2025

What is CVE-2024-42650?

A segmentation fault has been identified in the NanoMQ version 0.17.5, specifically located in the /nanomq/pub_handler.c component. Attackers can exploit this vulnerability by sending a specially crafted PUBLISH message, leading to a Denial of Service (DoS) condition. This flaw potentially disrupts the normal operation of the affected application, emphasizing the need for immediate attention and remediation.

References

https://github.com/nanomq/nanomq

https://github.com/emqx/nanomq/issues/1168

https://github.com/nanomq/nanomq/pull/1170

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Aug 5, 2024