PT-2024-23737 · Nanomq · Nanomq

Dqp10515 · Published 2024-04-17 · Updated 2025-06-10 · CVE-2024-31040

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

NanoMQ version 0.21.7

Description

The issue is related to a Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c. This allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.

Recommendations

For NanoMQ version 0.21.7, consider disabling the get_var_integer function in mqtt_parser.c as a temporary workaround until a patch is available. Restrict access to the mqtt_parser.c module to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved.
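
The page does not show the affected code, so the following is an added example and not NanoMQ's own source: a bounds-checked decoder for the MQTT Variable Byte Integer, the kind of length field a function named get_var_integer would be expected to parse (an assumption). The names vbi_decode and mqtt_frame_check are hypothetical; the point is that every read is checked against the number of bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes; these names are this example's own, not NanoMQ's. */
enum vbi_status { VBI_OK = 0, VBI_TRUNCATED = -1, VBI_MALFORMED = -2 };

/* Decode an MQTT Variable Byte Integer from buf[0..len): 7 value bits per byte,
 * bit 7 means another byte follows, 4 bytes at most. Never reads past buf + len. */
int vbi_decode(const uint8_t *buf, size_t len, uint32_t *value, size_t *used)
{
    uint32_t result = 0;
    for (size_t i = 0; i < 4; i++) {
        if (i >= len)
            return VBI_TRUNCATED;   /* input ended while more bytes were expected */
        result |= (uint32_t)(buf[i] & 0x7F) << (7 * i);
        if ((buf[i] & 0x80) == 0) {
            *value = result;
            *used = i + 1;
            return VBI_OK;
        }
    }
    return VBI_MALFORMED;           /* a fifth length byte is not allowed */
}

/* Check a packet's Remaining Length against the bytes received before parsing. */
int mqtt_frame_check(const uint8_t *pkt, size_t pkt_len,
                     size_t *body_off, uint32_t *body_len)
{
    size_t used;
    if (pkt_len < 2)
        return VBI_TRUNCATED;
    int rc = vbi_decode(pkt + 1, pkt_len - 1, body_len, &used);
    if (rc != VBI_OK)
        return rc;
    if (*body_len > pkt_len - 1 - used)
        return VBI_TRUNCATED;       /* header claims more bytes than were received */
    *body_off = 1 + used;
    return VBI_OK;
}

int main(void)
{
    /* Constructed sample: length byte 0x7F claims 127 body bytes, 1 present. */
    const uint8_t pkt[] = { 0x30, 0x7F, 0x00 };
    size_t off; uint32_t n;
    printf("%d\n", mqtt_frame_check(pkt, sizeof pkt, &off, &n));
    return 0;
}
```
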

Exploit · Fix · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-31040

Affected Products

Nanomq