Jaylin Yu

**Name of the Vulnerable Software and Affected Versions** NanoMQ versions prior to 0.24.6 **Description** NanoMQ MQTT Broker, an Edge Messaging Platform, is susceptible to a heap memory corruption issue in version 0.24.6. This occurs when a specific traffic pattern is generated, combining high-frequency publishes with rapid reconnect/kick-out actions using the same `ClientID` and substantial subscribe/unsubscribe fluctuations. This pattern reliably triggers a crash in the Broker process, resulting in immediate termination via SIGABRT due to an invalid pointer error during a `free()` operation. **Recommendations** Update NanoMQ to a version newer than 0.24.6. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Versões do NanoMQ anteriores à 0.24.2 **Descrição** O broker MQTT NanoMQ contém uma condição de corrida relacionada à lista de informações de subscrição, potencialmente levando a uma falha de uso de heap após liberação. **Recomendações** Atualize para a versão 0.24.2 ou posterior.