Nanomq Emqx Nanomq


By the Year

In 2026 there have been 0 vulnerabilities in Emqx Nanomq. Last year, in 2025, Nanomq had 6 security vulnerabilities published. Right now, Nanomq is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 6 6.83
2024 5 7.50
2023 10 7.33

It may take a day or so for new Nanomq vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Emqx Nanomq Security Vulnerabilities

NanoMQ v0.17.9 HEAP UAF in sub_Ctx_handle causes DoS via SUBSCRIBE
CVE-2024-42651 - July 29, 2025

NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.

Access Control Bypass in NanoMQ v0.21.10 via MQTT Wildcards
CVE-2024-42655 - July 29, 2025

An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.

NanoMQ 0.17.5 DoS via segfault in /nanomq/pub_handler.c
CVE-2024-42650 - July 15, 2025

NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.

NanoMQ v0.21.10 DoS: Segfault via Crafted Messages
CVE-2024-42646 7.5 - High - July 14, 2025

A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.

NanoMQ 0.22.10 Heap Overflow via Crafted CONNECT Message, DoS
CVE-2024-42648 6.5 - Medium - July 14, 2025

NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.

Memory Corruption

NanoMQ v0.22.10 memory leak via crafted PUBLISH, DoS
CVE-2024-42649 6.5 - Medium - July 14, 2025

NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.

Memory Leak

Nanomq v0.21.9 Invalid Read Size DoS
CVE-2024-44460 7.5 - High - September 12, 2024

An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).

NanoMQ 0.21.7 read_byte heap-buffer-overflow allows DoS via crafted hexstreams
CVE-2024-31036 - April 22, 2024

A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.

NanoMQ 0.21.7 MQTT Parser Null Pointer Deref CVE-2024-31041
CVE-2024-31041 - April 17, 2024

A null pointer dereference vulnerability in the topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.

Buffer Overflow in get_var_integer (mqtt_parser.c) Remote DoS in NanoMQ 0.21.7
CVE-2024-31040 - April 17, 2024

A buffer overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.

Use-After-Free in NanoMQ 0.21.2 via socket.c (UAF)
CVE-2024-25767 - February 26, 2024

NanoMQ 0.21.2 contains a use-after-free vulnerability in /nanomq/nng/src/core/socket.c.

NanoMQ 0.17.5: Heap-based Buffer Over-Read in mqtt_parser
CVE-2023-34488 7.8 - High - June 12, 2023

NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.

Memory Corruption

NanoMQ 0.16.5 heap-use-after-free in nmq_mqtt.c
CVE-2023-34494 7.5 - High - June 12, 2023

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.

Dangling pointer

NanoMQ 0.17.2 Use-After-Free in nni_mqtt_msg_get_publish_property() DoS
CVE-2023-33657 7.5 - High - June 08, 2023

A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.

Dangling pointer

Heap buffer overflow in NanoMQ 0.17.2 via nni_msg_get_pub_pid()
CVE-2023-33658 7.5 - High - June 08, 2023

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.

Memory Corruption

NanoMQ 0.17.2 Heap Buffer Overflow in mqtt_parser.c (copyn_str)
CVE-2023-33660 7.5 - High - June 08, 2023

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.

Memory Corruption

NanoMQ 0.17.2 Heap Buffer Overflow in nmq_subinfo_decode()
CVE-2023-33659 7.5 - High - June 06, 2023

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.

Memory Corruption

Memory Leak in NanoMQ 0.17.2 message.c allows DoS
CVE-2023-33656 5.5 - Medium - May 30, 2023

A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.

Allocation of Resources Without Limits or Throttling

NanoMQ v0.15.0-0 Heap Overflow in mqtt_parser.c
CVE-2023-29995 7.5 - High - May 04, 2023

In NanoMQ v0.15.0-0, a heap overflow occurs in the copyn_utf8_str function of mqtt_parser.c.

Memory Corruption

NanoMQ v0.15.0-0 Null Pointer Deref. in subinfo_decode
CVE-2023-29996 7.5 - High - May 04, 2023

In NanoMQ v0.15.0-0, a segmentation fault with a null pointer dereference occurs in the decoding process of subinfo_decode and unsubinfo_decode.

NULL Pointer Dereference

NanoMQ 0.15.0-0: Heap Overflow in read_byte (mqtt_code.c)
CVE-2023-29994 7.5 - High - May 04, 2023

In NanoMQ v0.15.0-0, a heap overflow occurs in the read_byte function of mqtt_code.c.

Memory Corruption
