CVE-2023-33658

Source
https://cve.org/CVERecord?id=CVE-2023-33658
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33658.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-33658
Published
2023-06-08T00:00:00Z
Modified
2026-07-15T01:36:55.060248Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nnimsggetpubpid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.

Database specific
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33658.json"
}
References

Affected packages

Git / github.com/nanomq/nanomq

Affected ranges

Type
GIT
Repo
https://github.com/nanomq/nanomq
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.17.2"
        },
        {
            "last_affected": "0.17.2"
        }
    ],
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:emqx:nanomq:0.17.2:*:*:*:*:*:*:*"
}

Affected versions

0.*
0.17.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33658.json"

Git / github.com/nanomq/nanonng

Affected ranges

Type
GIT
Repo
https://github.com/nanomq/nanonng
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

0.*
0.11.5
0.11.8
0.13
0.13.5
0.14.5
0.15.3
0.15.5
0.16.0
0.16.3
0.16.5
0.17.0
0.17.2
0.7.2
0.8.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33658.json"
vanir_signatures
[
    {
        "id": "CVE-2023-33658-01dcb896",
        "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1",
        "signature_type": "Line",
        "target": {
            "file": "src/mqtt/transport/tls/mqtt_tls.c"
        },
        "digest": {
            "line_hashes": [
                "238118492306209824466591644182146651355",
                "73288887871546130463872457436680809385",
                "177105941187559162375076359119771007068",
                "207873070159565122021798106817061692009",
                "251535637674783221487029865388538538906",
                "25049072818407312021974359505241147094"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-33658-49d0f294",
        "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1",
        "signature_type": "Function",
        "target": {
            "function": "mqtts_tcptran_pipe_recv_cb",
            "file": "src/mqtt/transport/tls/mqtt_tls.c"
        },
        "digest": {
            "function_hash": "23355315618923543829456620621903814504",
            "length": 4133.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-33658-580d1925",
        "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1",
        "signature_type": "Line",
        "target": {
            "file": "src/sp/transport/mqtts/broker_tls.c"
        },
        "digest": {
            "line_hashes": [
                "238118492306209824466591644182146651355",
                "73288887871546130463872457436680809385",
                "177105941187559162375076359119771007068",
                "207873070159565122021798106817061692009",
                "251535637674783221487029865388538538906",
                "267540511822039535474325492904757792395"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-33658-7fedeeb2",
        "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1",
        "signature_type": "Line",
        "target": {
            "file": "src/sp/transport/mqttws/nmq_websocket.c"
        },
        "digest": {
            "line_hashes": [
                "238118492306209824466591644182146651355",
                "73288887871546130463872457436680809385",
                "288820072418812848518883129616322670103",
                "316830540005086130006695304258770817937",
                "128755146118690718578875260463755633830",
                "190776431000557197925574157618598627611",
                "274107787091267991231922762036879666058"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-33658-a3180052",
        "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1",
        "signature_type": "Function",
        "target": {
            "function": "wstran_pipe_recv_cb",
            "file": "src/sp/transport/mqttws/nmq_websocket.c"
        },
        "digest": {
            "function_hash": "53020928128498050841582651336808685927",
            "length": 5556.0
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "id": "CVE-2023-33658-e1698fa9",
        "source": "https://github.com/nanomq/nanonng/commit/657e6c81c474bdee0e6413483b990e90610030c1",
        "signature_type": "Function",
        "target": {
            "function": "tlstran_pipe_recv_cb",
            "file": "src/sp/transport/mqtts/broker_tls.c"
        },
        "digest": {
            "function_hash": "297247634546055184696329891679799654947",
            "length": 5888.0
        },
        "deprecated": false,
        "signature_version": "v1"
    }
]
vanir_signatures_modified
"2026-07-15T01:36:55Z"