📦 NanoMQ

by Emqx

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-59947

CRITICAL CVSS 9.0 Dec 15, 2025

NanoMQ versions before 0.24.4 contain a buffer overflow vulnerability when PUBLISH packets trigger both shared and vanilla subscriptions simultaneously. This allows attackers to execute arbitrary code...

CVE-2024-48077

HIGH CVSS 7.5 Jan 15, 2026

This vulnerability in NanoMQ allows attackers to cause a denial of service by sending crafted requests that cause the recv-q queue to fill up, leading to deadlock. Any system running the vulnerable Na...

CVE-2025-59946

HIGH CVSS 7.5 Dec 27, 2025

CVE-2025-59946 is a heap use-after-free vulnerability in NanoMQ MQTT broker caused by a data race condition in subscription information handling. This allows attackers to crash the broker service, pot...

CVE-2024-42655

HIGH CVSS 8.8 Jul 29, 2025

An access control vulnerability in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. This affects systems runn...

CVE-2024-42646

HIGH CVSS 7.5 Jul 14, 2025

A segmentation fault vulnerability in NanoMQ v0.21.10 allows attackers to cause Denial of Service (DoS) by sending specially crafted messages. This affects systems running vulnerable versions of NanoM...

CVE-2024-44460

HIGH CVSS 7.5 Sep 12, 2024

CVE-2024-44460 is an out-of-bounds read vulnerability in NanoMQ v0.21.9 that allows attackers to trigger a Denial of Service (DoS) by causing the MQTT broker to crash. This affects all systems running...

CVE-2024-31041

HIGH CVSS 7.5 Apr 17, 2024

A null pointer dereference vulnerability in NanoMQ's topic_filtern function allows attackers to crash the MQTT broker by sending specially crafted messages. This affects all systems running vulnerable...

CVE-2023-34494

HIGH CVSS 7.5 Jun 12, 2023

NanoMQ 0.16.5 contains a heap-use-after-free vulnerability in the nano_ctx_send function that allows attackers to potentially execute arbitrary code or cause denial of service. This affects systems ru...

CVE-2023-33657

HIGH CVSS 7.5 Jun 8, 2023

A use-after-free vulnerability in NanoMQ 0.17.2 allows attackers to trigger memory corruption by calling nni_mqtt_msg_get_publish_property(). This can lead to denial of service through application cra...

CVE-2023-33658

HIGH CVSS 7.5 Jun 8, 2023

A heap buffer overflow vulnerability in NanoMQ 0.17.2 allows attackers to trigger denial of service by exploiting the nni_msg_get_pub_pid() function. This affects systems running vulnerable versions o...

CVE-2023-33659

HIGH CVSS 7.5 Jun 6, 2023

A heap buffer overflow vulnerability in NanoMQ 0.17.2 allows attackers to trigger denial of service by exploiting the nmq_subinfo_decode() function. This affects systems running vulnerable versions of...

CVE-2023-29994

HIGH CVSS 7.5 May 4, 2023

A heap overflow vulnerability in NanoMQ's read_byte function allows attackers to write beyond allocated memory boundaries. This affects all systems running vulnerable versions of NanoMQ, potentially l...

CVE-2023-29996

HIGH CVSS 7.5 May 4, 2023

A null pointer dereference vulnerability in NanoMQ v0.15.0-0 causes segmentation faults when processing malformed MQTT subscription/unsubscription packets. This allows remote attackers to crash the Na...

CVE-2025-68699

MEDIUM CVSS 6.5 Feb 4, 2026

CVE-2025-68699 is a NULL pointer dereference vulnerability in NanoMQ MQTT Broker that allows remote attackers to crash the broker by sending a malformed shared subscription topic. This affects all sys...

CVE-2024-42649

MEDIUM CVSS 6.5 Jul 14, 2025

NanoMQ v0.22.10 contains a memory leak vulnerability in its MQTT PUBLISH message handling. Attackers can send crafted PUBLISH messages to gradually consume system memory, eventually causing a Denial o...