CVE-2023-33657

Source
https://cve.org/CVERecord?id=CVE-2023-33657
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33657.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33657
Published
2023-06-08T00:00:00Z
Modified
2026-07-15T01:49:06.220515658Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nnimqttmsggetpublishproperty() in the file mqttmsg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.

Database specific
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33657.json"
}
References

Affected packages

Git / github.com/nanomq/nanomq

Affected ranges

Type
GIT
Repo
https://github.com/nanomq/nanomq
Events
Database specific
{
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "0.17.2"
        },
        {
            "last_affected": "0.17.2"
        }
    ],
    "cpe": "cpe:2.3:a:emqx:nanomq:0.17.2:*:*:*:*:*:*:*"
}

Affected versions

0.*
0.17.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33657.json"