Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33658

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.

Published

2023-06-08T12:15:09.240

Last Modified

2025-01-06T21:15:11.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emqx	nanomq	0.17.2	Yes

References

https://github.com/emqx/nanomq Product ([email protected])
https://github.com/emqx/nanomq/issues/1153 Exploit ([email protected])
https://github.com/nanomq/NanoNNG/commit/657e6c81c474bdee0e6413483b990e90610030c1 Patch ([email protected])
https://github.com/emqx/nanomq Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/emqx/nanomq/issues/1153 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nanomq/NanoNNG/commit/657e6c81c474bdee0e6413483b990e90610030c1 Patch (af854a3a-2127-422b-91ae-364da2661108)