CVE-2023-33659

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33659
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33659.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-33659
Published
2023-06-06T12:15:09Z
Modified
2025-01-08T17:45:28.983866Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmqsubinfodecode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.

References

Affected packages

Git / github.com/emqx/nanomq

Affected ranges

Type
GIT
Repo
https://github.com/emqx/nanomq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.1.0
0.10.1
0.10.5
0.10.8
0.11.0
0.11.2
0.11.3
0.11.5
0.11.8
0.11.82
0.12.0
0.12.1
0.12.2
0.12.5
0.13.0
0.13.6
0.13.8
0.14.0
0.14.1
0.14.5
0.14.8
0.15.0
0.15.1
0.15.2
0.15.3
0.15.5
0.16.0
0.16.2
0.16.3
0.16.5
0.17.2
0.2.0
0.2.1
0.2.2
0.2.5
0.3.0
0.3.2
0.3.3
0.3.4
0.3.5
0.3.8
0.4.0
0.4.1
0.4.2
0.4.3
0.4.5
0.4.8
0.5.0
0.5.2
0.5.5
0.5.8
0.5.9
0.6.0
0.6.2
0.6.3
0.6.4
0.6.7rc
0.6.8
0.7.0
0.7.2
0.7.3
0.7.4
0.7.4rc
0.7.5
0.7.5rc
0.7.8
0.7.9
0.8.0
0.8.3
0.8.5
0.8.6log
0.9.0
0.9.2
0.9.5
0.9.7