exploitDog

CVE-2023-33657

Опубликовано: 08 июн. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.

Ссылки

https://github.com/emqx/nanomq
Product
https://github.com/emqx/nanomq/issues/1165#issue-1668648319
Exploit
Issue Tracking
https://github.com/emqx/nanomq/pull/1187
Patch
https://github.com/emqx/nanomq
Product
https://github.com/emqx/nanomq/issues/1165#issue-1668648319
Exploit
Issue Tracking
https://github.com/emqx/nanomq/pull/1187
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:emqx:nanomq:0.17.2:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.0007

Низкий

7.5 High

CVSS3

Дефекты

CWE-416

CWE-416

Связанные уязвимости

GHSA-crqc-c8fj-8qjx

CVSS3: 7.5

github

больше 2 лет назад

A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.

EPSS

Процентиль: 21%

0.0007

Низкий

7.5 High

CVSS3

Дефекты

CWE-416

CWE-416