Nanomq CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-33657	1 Emqx	1 Nanomq	2025-01-06	7.5 High
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.
CVE-2023-34494	1 Emqx	1 Nanomq	2025-01-03	7.5 High
NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
CVE-2024-44460	1 Emqx	1 Nanomq	2024-10-30	7.5 High
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).

« first previous Page 2 of 2.