PT-2023-24436 · Nanomq · Nanomq

Zuoyuanp · Published 2023-06-08 · Updated 2025-01-06 · CVE-2023-33657

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

NanoMQ version 0.17.2

Description

A use-after-free issue exists due to improper data tracing. This can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c, potentially allowing an attacker to cause a denial of service attack.

Recommendations

For NanoMQ version 0.17.2, consider disabling the nni_mqtt_msg_get_publish_property() function as a temporary workaround until a patch is available.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2023-33657

Affected Products

Nanomq