Nanomq
by Emqx
Source repositories
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-42646 | 0.00 | — | 0.00 | Jul 14, 2025 | A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages. | |||
| CVE-2024-44460 | 0.00 | — | 0.00 | Sep 12, 2024 | An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). | |||
| CVE-2024-31036 | 0.00 | — | 0.00 | Apr 22, 2024 | A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. | |||
| CVE-2024-31040 | 0.00 | — | 0.01 | Apr 17, 2024 | Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. | |||
| CVE-2024-31041 | 0.00 | — | 0.01 | Apr 17, 2024 | Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. | |||
| CVE-2024-25767 | 0.00 | — | 0.01 | Feb 26, 2024 | nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c. | |||
| CVE-2023-34494 | 0.00 | — | 0.01 | Jun 12, 2023 | NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. | |||
| CVE-2023-34488 | 0.00 | — | 0.01 | Jun 12, 2023 | NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. | |||
| CVE-2023-33657 | 0.00 | — | 0.01 | Jun 8, 2023 | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a… | |||
| CVE-2023-33660 | 0.00 | — | 0.01 | Jun 8, 2023 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||
| CVE-2023-33658 | 0.00 | — | 0.01 | Jun 8, 2023 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||
| CVE-2023-33659 | 0.00 | — | 0.01 | Jun 6, 2023 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||
| CVE-2023-33656 | 0.00 | — | 0.00 | May 30, 2023 | A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. | |||
| CVE-2023-29994 | 0.00 | — | 0.01 | May 4, 2023 | In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. | |||
| CVE-2023-29995 | 0.00 | — | 0.01 | May 4, 2023 | In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c |
- CVE-2024-42646Jul 14, 2025risk 0.00cvss —epss 0.00
A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.
- CVE-2024-44460Sep 12, 2024risk 0.00cvss —epss 0.00
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
- CVE-2024-31036Apr 22, 2024risk 0.00cvss —epss 0.00
A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.
- CVE-2024-31040Apr 17, 2024risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.
- CVE-2024-31041Apr 17, 2024risk 0.00cvss —epss 0.01
Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.
- CVE-2024-25767Feb 26, 2024risk 0.00cvss —epss 0.01
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.
- CVE-2023-34494Jun 12, 2023risk 0.00cvss —epss 0.01
NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
- CVE-2023-34488Jun 12, 2023risk 0.00cvss —epss 0.01
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
- CVE-2023-33657Jun 8, 2023risk 0.00cvss —epss 0.01
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a…
- CVE-2023-33660Jun 8, 2023risk 0.00cvss —epss 0.01
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.
- CVE-2023-33658Jun 8, 2023risk 0.00cvss —epss 0.01
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.
- CVE-2023-33659Jun 6, 2023risk 0.00cvss —epss 0.01
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.
- CVE-2023-33656May 30, 2023risk 0.00cvss —epss 0.00
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.
- CVE-2023-29994May 4, 2023risk 0.00cvss —epss 0.01
In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.
- CVE-2023-29995May 4, 2023risk 0.00cvss —epss 0.01
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c
Page 2 of 2