CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33659
https://notcve.org/view.php?id=CVE-2023-33659
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. • https://github.com/emqx/nanomq https://github.com/emqx/nanomq/issues/1154 https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-33656
https://notcve.org/view.php?id=CVE-2023-33656
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. • https://github.com/emqx/nanomq https://github.com/emqx/nanomq/issues/1164 https://github.com/emqx/nanomq/issues/1165#issuecomment-1515667127 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29994
https://notcve.org/view.php?id=CVE-2023-29994
In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. • https://github.com/emqx/nanomq/issues/1042 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29996
https://notcve.org/view.php?id=CVE-2023-29996
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. • https://github.com/emqx/nanomq/issues/1038 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29995
https://notcve.org/view.php?id=CVE-2023-29995
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c • https://github.com/emqx/nanomq/issues/1043 • CWE-787: Out-of-bounds Write •