CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33657
https://notcve.org/view.php?id=CVE-2023-33657
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack. • https://github.com/emqx/nanomq https://github.com/emqx/nanomq/issues/1165#issue-1668648319 https://github.com/emqx/nanomq/pull/1187 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33658
https://notcve.org/view.php?id=CVE-2023-33658
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack. • https://github.com/emqx/nanomq https://github.com/emqx/nanomq/issues/1153 https://github.com/nanomq/NanoNNG/commit/657e6c81c474bdee0e6413483b990e90610030c1 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33660
https://notcve.org/view.php?id=CVE-2023-33660
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. • https://github.com/emqx/nanomq https://github.com/emqx/nanomq/issues/1155 https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33659
https://notcve.org/view.php?id=CVE-2023-33659
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. • https://github.com/emqx/nanomq https://github.com/emqx/nanomq/issues/1154 https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-33656
https://notcve.org/view.php?id=CVE-2023-33656
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. • https://github.com/emqx/nanomq https://github.com/emqx/nanomq/issues/1164 https://github.com/emqx/nanomq/issues/1165#issuecomment-1515667127 • CWE-770: Allocation of Resources Without Limits or Throttling •