CVE-2023-33658

HIGH

NanoMQ 0.17.2 - Buffer Overflow

Title source: llm

Description

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.

References (3)

Core 3

Core References

Product

https://github.com/emqx/nanomq

Exploit

https://github.com/emqx/nanomq/issues/1153

Patch

https://github.com/nanomq/NanoNNG/commit/657e6c81c474bdee0e6413483b990e90610030c1

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0014

EPSS Percentile 34.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (1)

emqx/nanomq 0.17.2

Published Jun 08, 2023

Tracked Since Feb 18, 2026