CVE-2024-48077

NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors (FDs). This exhaustion triggers a process crash, rendering the broker unable to provide services.
Configurations

Configuration 1

cpe:2.3:a:emqx:nanomq:0.22.7:*:*:*:*:*:*:*

History

03 Apr 2026, 16:16

Type Values Removed Values Added
Summary
  • (es) An issue in nanomq v0.22.7 allows attackers to cause a denial of service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services.
Summary
  Values Removed: (en) An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services.
  Values Added: (en) NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors (FDs). This exhaustion triggers a process crash, rendering the broker unable to provide services.

23 Jan 2026, 19:06

Type Values Removed Values Added
CPE cpe:2.3:a:emqx:nanomq:0.22.7:*:*:*:*:*:*:*
References
  Values Removed: https://gist.github.com/pengwGit/2379e7a8fe75d09621f7c060db0237c4
  Values Added: https://gist.github.com/pengwGit/2379e7a8fe75d09621f7c060db0237c4 - Third Party Advisory
References
  Values Removed: https://github.com/nanomq/nanomq
  Values Added: https://github.com/nanomq/nanomq - Product
First Time Emqx
Emqx nanomq

15 Jan 2026, 20:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-15 20:16

Updated : 2026-04-03 16:16


NVD link : CVE-2024-48077

Mitre link : CVE-2024-48077

CVE.ORG link : CVE-2024-48077



Products Affected

emqx

  • nanomq
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-833

Deadlock