14 matches found
CVE-2026-8741 EMQX QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl race condition
A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqxpersistentsessionds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high complexity level is...
CVE-2025-59947
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription...
CVE-2025-59947
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription...
CVE-2025-59947 NanoMQ has Buffer Overflow
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription...
CVE-2025-59947 NanoMQ has Buffer Overflow
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription...
CVE-2025-59947 NanoMQ has Buffer Overflow
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription...
NanoMQ 安全漏洞
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open sourced by EMQ USA. A security vulnerability exists in NanoMQ versions prior to 0.24.4 that stems from a buffer overflow in PUBLISH packets triggering shared and normal subscriptions...
EUVD-2018-9361
Malware in sbrugna...
mosquitto: sending specific sequences of packets may trigger memory leak
A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets...
Losant Arduino MQTT Client Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of...
Denial of Service in mqtt
Affected versions of mqtt do not properly handle PUBLISH packets returning from the server, leading to a Denial of Service condition. The vulnerability is completely mitigated if the only connected servers are trusted, guaranteed not to be under the control of a malicious actor. Proof of Concept...
GHSA-H9MJ-FGHC-664W Denial of Service in mqtt
Affected versions of mqtt do not properly handle PUBLISH packets returning from the server, leading to a Denial of Service condition. The vulnerability is completely mitigated if the only connected servers are trusted, guaranteed not to be under the control of a malicious actor. Proof of Concept...
MQTT.js issue in handling PUBLISH packets
Overview MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Masataka Sakaguchi, Bintatsu Noda and Hisashi Kojima of Fujitsu Laboratories Ltd.reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#45494523: MQTT.js issue in handling PUBLISH packets
MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Impact Receiving a large number of packets from an MQTT broker may result in a denial-of-service DoS condition. Solution Update MQTT.js and rebuild the application Developers of...