CVE-2023-33657

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33657

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33657.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33657

Published

2023-06-08T13:15:09.530Z

Modified

2026-03-14T12:07:14.575730Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nnimqttmsggetpublishproperty() in the file mqttmsg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.

References

Affected packages

Git / github.com/emqx/nanomq

Affected ranges

Type

GIT

Repo

https://github.com/emqx/nanomq

Events

Introduced

Last affected

c53e056b6957db8ccbfda154fd77a3fb85296bb7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.17.2"
        }
    ]
}

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.1.0

0.10.1

0.10.5

0.10.8

0.11.0

0.11.2

0.11.3

0.11.5

0.11.8

0.11.82

0.12.0

0.12.1

0.12.2

0.12.5

0.13.0

0.13.6

0.13.8

0.14.0

0.14.1

0.14.5

0.14.8

0.15.0

0.15.1

0.15.2

0.15.3

0.15.5

0.16.0

0.16.2

0.16.3

0.16.5

0.17.2

0.2.0

0.2.1

0.2.2

0.2.5

0.3.0

0.3.2

0.3.3

0.3.4

0.3.5

0.3.8

0.4.0

0.4.1

0.4.2

0.4.3

0.4.5

0.4.8

0.5.0

0.5.2

0.5.5

0.5.8

0.5.9

0.6.0

0.6.2

0.6.3

0.6.4

0.6.7rc

0.6.8

0.7.0

0.7.2

0.7.3

0.7.4

0.7.4rc

0.7.5

0.7.5rc

0.7.8

0.7.9

0.8.0

0.8.3

0.8.5

0.8.6log

0.9.0

0.9.2

0.9.5

0.9.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33657.json"