Jaylin Yu

**Name of the Vulnerable Software and Affected Versions** NanoMQ versions prior to 0.24.6 **Description** NanoMQ MQTT Broker, an Edge Messaging Platform, is susceptible to a heap memory corruption issue in version 0.24.6. This occurs when a specific traffic pattern is generated, combining high-frequency publishes with rapid reconnect/kick-out actions using the same `ClientID` and substantial subscribe/unsubscribe fluctuations. This pattern reliably triggers a crash in the Broker process, resulting in immediate termination via SIGABRT due to an invalid pointer error during a `free()` operation. **Recommendations** Update NanoMQ to a version newer than 0.24.6. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NanoMQ versions prior to 0.24.2 **Description** NanoMQ MQTT Broker contains a data racing issue related to the sub info list, potentially leading to a heap use after free crash. **Recommendations** Update to version 0.24.2 or later.