CVE-2023-33658

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33658
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33658.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-33658
Published
2023-06-08T12:15:09Z
Modified
2025-09-19T14:31:40.951820Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nnimsggetpubpid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.

References

Affected packages

Git / github.com/emqx/nanomq

Affected ranges

Type
GIT
Repo
https://github.com/emqx/nanomq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c53e056b6957db8ccbfda154fd77a3fb85296bb7
Type
GIT
Repo
https://github.com/nanomq/nanonng
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
657e6c81c474bdee0e6413483b990e90610030c1

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.1.0
0.10.1
0.10.5
0.10.8
0.11.0
0.11.2
0.11.3
0.11.5
0.11.8
0.11.82
0.12.0
0.12.1
0.12.2
0.12.5
0.13
0.13.0
0.13.5
0.13.6
0.13.8
0.14.0
0.14.1
0.14.5
0.14.8
0.15.0
0.15.1
0.15.2
0.15.3
0.15.5
0.16.0
0.16.2
0.16.3
0.16.5
0.17.0
0.17.2
0.2.0
0.2.1
0.2.2
0.2.5
0.3.0
0.3.2
0.3.3
0.3.4
0.3.5
0.3.8
0.4.0
0.4.1
0.4.2
0.4.3
0.4.5
0.4.8
0.5.0
0.5.2
0.5.5
0.5.8
0.5.9
0.6.0
0.6.2
0.6.3
0.6.4
0.6.7rc
0.6.8
0.7.0
0.7.2
0.7.3
0.7.4
0.7.4rc
0.7.5
0.7.5rc
0.7.8
0.7.9
0.8.0
0.8.3
0.8.5
0.8.6log
0.9.0
0.9.2
0.9.5
0.9.7

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-33658-01dcb896",
            "signature_type": "Line",
            "target": {
                "file": "src/mqtt/transport/tls/mqtt_tls.c"
            },
            "digest": {
                "line_hashes": [
                    "238118492306209824466591644182146651355",
                    "73288887871546130463872457436680809385",
                    "177105941187559162375076359119771007068",
                    "207873070159565122021798106817061692009",
                    "251535637674783221487029865388538538906",
                    "25049072818407312021974359505241147094"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1"
        },
        {
            "id": "CVE-2023-33658-49d0f294",
            "signature_type": "Function",
            "target": {
                "file": "src/mqtt/transport/tls/mqtt_tls.c",
                "function": "mqtts_tcptran_pipe_recv_cb"
            },
            "digest": {
                "function_hash": "23355315618923543829456620621903814504",
                "length": 4133.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1"
        },
        {
            "id": "CVE-2023-33658-580d1925",
            "signature_type": "Line",
            "target": {
                "file": "src/sp/transport/mqtts/broker_tls.c"
            },
            "digest": {
                "line_hashes": [
                    "238118492306209824466591644182146651355",
                    "73288887871546130463872457436680809385",
                    "177105941187559162375076359119771007068",
                    "207873070159565122021798106817061692009",
                    "251535637674783221487029865388538538906",
                    "267540511822039535474325492904757792395"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1"
        },
        {
            "id": "CVE-2023-33658-7fedeeb2",
            "signature_type": "Line",
            "target": {
                "file": "src/sp/transport/mqttws/nmq_websocket.c"
            },
            "digest": {
                "line_hashes": [
                    "238118492306209824466591644182146651355",
                    "73288887871546130463872457436680809385",
                    "288820072418812848518883129616322670103",
                    "316830540005086130006695304258770817937",
                    "128755146118690718578875260463755633830",
                    "190776431000557197925574157618598627611",
                    "274107787091267991231922762036879666058"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1"
        },
        {
            "id": "CVE-2023-33658-a3180052",
            "signature_type": "Function",
            "target": {
                "file": "src/sp/transport/mqttws/nmq_websocket.c",
                "function": "wstran_pipe_recv_cb"
            },
            "digest": {
                "function_hash": "53020928128498050841582651336808685927",
                "length": 5556.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1"
        },
        {
            "id": "CVE-2023-33658-e1698fa9",
            "signature_type": "Function",
            "target": {
                "file": "src/sp/transport/mqtts/broker_tls.c",
                "function": "tlstran_pipe_recv_cb"
            },
            "digest": {
                "function_hash": "297247634546055184696329891679799654947",
                "length": 5888.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1"
        }
    ]
}