79 matches found
CVE-2026-45151
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...
CVE-2026-45151
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...
CVE-2026-45151
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...
EUVD-2026-33429
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...
CVE-2026-45151 NanoMQ: NULL Pointer Dereference
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...
CVE-2026-45151
NanoMQ (0.24.8 and earlier) contains a NULL substream pointer dereference in quic_stream_recv when a substream is reopening. The vulnerable code finishes AIO with an error but does not return before locking c->mtx, indicating a potential NULL dereference and an unlocked/locked state issue in t...
NanoMQ 代码问题漏洞
NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.8 have code vulnerabilities. These vulnerabilities stem from the quicstreamrecv function, which cancels references to empty substream pointers when the substream is reopened,...
PT-2026-44986
Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.24.9 Description NanoMQ is an Edge Messaging Platform. A null pointer dereference can occur in the quic stream recv function when a substream is in a reopen state. The system completes the Asynchronous I/O AIO...
CVE-2026-43437
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...
CVE-2026-43437
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: The commit 7ba5ca32fe6e “ALSA: firewire-lib: operate for period elapse event in process context” removed the process context workqueue from amdtpdomainstreampcmpointer and updatepcmpointers, thereby eliminating its overhead. With...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Do not pick up BE without a substream When DPCM attempts to establish valid BE connections using dpcmaddpaths, it does not check whether the selected BE actually supports the given stream direction. As a result, when ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for a null pointer of the pointer substream before dereferencing it. The pointer substream is dereferenced during the assignment of the pointer to the card. This occurs before the substream is checked for nullnes...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work when closing a MIDI substream When closing a USB MIDI output substream, there may still be pending work. This work would eventually access the rawmidi runtime object that is being released. To...
CVE-2026-34063
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...
CVE-2026-34063 network-libp2p: Peer can crash the node by opening discovery protocol substream twice
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...
EUVD-2026-25058
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...
CVE-2026-34063
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...
CVE-2026-34063 network-libp2p: Peer can crash the node by opening discovery protocol substream twice
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...
PT-2026-34544
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...