Denial of Service Vulnerability in Nanomq by zzh-newlearner
CVE-2024-44460

7.5HIGH

Key Information:

Vendor: EMQx
Status: NanoMQ
Vendor: CVE Published:; 12 September 2024

Summary

An invalid read size vulnerability in Nanomq version 0.21.9 poses significant security risks, allowing attackers to trigger a Denial of Service (DoS) condition. This flaw can be exploited to cause the service to become unresponsive, impacting its availability and the ability of legitimate users to access the service. Proper mitigations and updates are essential to protect against potential exploits targeting this weakness.

References

https://github.com/zzh-newlearner/MQTT_Crash/blob/main/Na...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2024