16 matches found
CVE-2026-21888
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...
EUVD-2026-11190
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...
CVE-2026-21888 MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...
CVE-2026-21888
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...
CVE-2026-22040
The vulnerability CVE-2026-22040 affects NanoMQ (NanoMQ) Broker version 0.24.6. A crafted traffic pattern—high-frequency publishes with rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter—can reliably trigger a heap memory corruption in the Broker process, ca...
CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...
CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...
CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...
CVE-2026-22040
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...
NanoMQ 资源管理错误漏洞
NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Version 0.24.6 of NanoMQ contains a resource management vulnerability caused by heap memory corruption, which may lead to the immediate termination of the proxy process...
CVE-2025-68699
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...
CVE-2025-68699
CVE-2025-68699 affects NanoMQ NanoMQ 0.24.6 where a malformed $share/ SUBSCRIBE topic (e.g., $share/ab) is not strictly validated, allowing an invalid topic filter to be stored. When a PUBLISH matches, nmq_pipe_send_start_v4/v5 re-parses the topic using strchr(); if the second strchr() returns NU...
EUVD-2025-206782
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...
CVE-2025-68699 NanoMQ $share/ Subscription Validation and Forwarding Parsing Inconsistency: NULL Pointer Increment Causes Crash
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...
NATS Server Security Vulnerability
NATS Server is an open source messaging system. The system is primarily used for cloud-native applications, IoT messaging, and microservices architectures. NATS.io A security vulnerability exists in NATS Server versions prior to 2.8.2 and Streaming Server versions prior to 0.24.6, which stems fro...
PT-2024-11549 · Unknown · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS Server versions prior to 2.8.2 NATS Streaming Server versions prior to 0.24.6 Description: The issue is caused by the failure to enforce negative user permissions in one scenario, allowing a remote attacker to bypass security restriction...