Filtered by vendor Emqx
Subscribe
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59946 | 1 Emqx | 1 Nanomq | 2026-01-30 | N/A | 7.5 HIGH |
| NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2. | |||||
| CVE-2025-59947 | 1 Emqx | 1 Nanomq | 2026-01-30 | N/A | 9.0 CRITICAL |
| NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription. | |||||
| CVE-2024-48077 | 1 Emqx | 1 Nanomq | 2026-01-23 | N/A | 7.5 HIGH |
| An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services. | |||||
| CVE-2023-34488 | 1 Emqx | 1 Nanomq | 2025-09-24 | N/A | 7.8 HIGH |
| NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. | |||||
| CVE-2024-42655 | 1 Emqx | 1 Nanomq | 2025-08-06 | N/A | 8.8 HIGH |
| An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. | |||||
| CVE-2024-42651 | 1 Emqx | 1 Nanomq | 2025-08-06 | N/A | 7.5 HIGH |
| NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message. | |||||
| CVE-2024-42650 | 1 Emqx | 1 Nanomq | 2025-07-17 | N/A | 7.5 HIGH |
| NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message. | |||||
| CVE-2024-42648 | 1 Emqx | 1 Nanomq | 2025-07-16 | N/A | 6.5 MEDIUM |
| NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message. | |||||
| CVE-2024-42646 | 1 Emqx | 1 Nanomq | 2025-07-16 | N/A | 7.5 HIGH |
| A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages. | |||||
| CVE-2024-42649 | 1 Emqx | 1 Nanomq | 2025-07-16 | N/A | 6.5 MEDIUM |
| NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message. | |||||
| CVE-2024-31040 | 1 Emqx | 1 Nanomq | 2025-06-10 | N/A | 2.7 LOW |
| Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. | |||||
| CVE-2024-31041 | 1 Emqx | 1 Nanomq | 2025-06-10 | N/A | 7.5 HIGH |
| Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. | |||||
| CVE-2024-31036 | 1 Emqx | 1 Nanomq | 2025-06-10 | N/A | 6.8 MEDIUM |
| A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. | |||||
| CVE-2024-25767 | 1 Emqx | 1 Nanomq | 2025-05-01 | N/A | 6.5 MEDIUM |
| nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c. | |||||
| CVE-2023-29996 | 1 Emqx | 1 Nanomq | 2025-01-29 | N/A | 7.5 HIGH |
| In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. | |||||
| CVE-2023-29995 | 1 Emqx | 1 Nanomq | 2025-01-29 | N/A | 7.5 HIGH |
| In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c | |||||
| CVE-2023-29994 | 1 Emqx | 1 Nanomq | 2025-01-29 | N/A | 7.5 HIGH |
| In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. | |||||
| CVE-2023-33656 | 1 Emqx | 1 Nanomq | 2025-01-10 | N/A | 5.5 MEDIUM |
| A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. | |||||
| CVE-2023-33659 | 1 Emqx | 1 Nanomq | 2025-01-08 | N/A | 7.5 HIGH |
| A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||||
| CVE-2023-33660 | 1 Emqx | 1 Nanomq | 2025-01-06 | N/A | 7.5 HIGH |
| A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||||