12 matches found
CVE-2024-48077
An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services...
CVE-2024-48077
Nanomq v0.22.7 is affected by a DoS via a crafted request that causes the recv-q queue to grow, leading to broker deadlock and service disruption. The public sources (NVD/Red Hat OSV/PT-Security/etc.) describe the impact but do not provide a confirmed patched version; one PT-Security entry explic...
CVE-2023-29995
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c...
CVE-2023-29996
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode...
EUVD-2023-33526
Malicious code in bioql PyPI...
PT-2025-31246 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.17.9 Description: NanoMQ version 0.17.9 contains a heap use-after-free vulnerability within the sub_Ctx_handle component. This issue allows attackers to trigger a denial-of-service (DoS) condition by sending a specially crafted...
PT-2024-23737 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.21.7 Description: The issue is related to a Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c. This allows remote attackers to cause a denial of service via a series of specially crafted hexstream...
PT-2024-21132 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: nanomq version 0.21.2 Description: The issue is a Use-After-Free vulnerability located in /nanomq/nng/src/core/socket.c. Recommendations: For nanomq version 0.21.2, at the moment, there is no information about a newer version that contains a...
PT-2023-24436 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.17.2 Description: A use-after-free issue exists due to improper data tracing. This can be triggered by calling the function nni_mqtt_msg_get_publish_property in the file mqtt_msg.c, potentially allowing an attacker to cause a...
PT-2023-24440 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.17.2 Description: A heap buffer overflow issue exists, which can be triggered by calling the function copyn_str in the file mqtt_parser.c. This can lead to a denial of service attack. Recommendations: For NanoMQ version 0.17....
CVE-2023-33659
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack...
Null pointer dereference
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode...