Suggestions search

Dismissed

Filter by:

With package: nanomq

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-32696

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

updated 4 weeks, 1 day ago by @mweinelt Activity log

Created suggestion 4 weeks, 1 day ago
@mweinelt dismissed 4 weeks, 1 day ago

NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P (e.g., username="%u", password="%P"), the HTTP request construction phase enters auth_http.c:set_data(). This results in calling strlen() on a NULL pointer, causing a SIGSEGV crash. This crash can be triggered remotely, resulting in a denial of service. This issue has been patched in version 0.24.7.

References

https://github.com/nanomq/nanomq/security/advisories/GHSA-77f4-wvq8-mp3p x_refsource_CONFIRM
https://github.com/nanomq/NanoNNG/pull/1394 x_refsource_MISC
https://github.com/nanomq/NanoNNG/commit/c20aa27e5290bb480a5315099952480d35f37a8b x_refsource_MISC
https://github.com/nanomq/nanomq/releases/tag/0.24.7 x_refsource_MISC

Affected products

nanomq

==>= 0.24.6, < 0.24.7

Matching in nixpkgs

pkgs.nanomq

Ultra-lightweight and blazing-fast MQTT broker for IoT edge

nixos-unstable 0.24.11
- nixpkgs-unstable 0.24.11
- nixos-unstable-small 0.24.11
nixos-25.11 0.24.10
- nixos-25.11-small 0.24.10
- nixpkgs-25.11-darwin 0.24.10

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>

Already fixed.

Permalink CVE-2026-25627

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 4 weeks, 1 day ago by @mweinelt Activity log

Created suggestion 4 weeks, 1 day ago
@mweinelt dismissed 4 weeks, 1 day ago

nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path copies Remaining Length bytes without verifying that the current receive buffer contains that many bytes, resulting in an out-of-bounds read (ASAN reports OOB / crash). This is remotely triggerable over the WebSocket listener. This issue has been patched in version 0.24.8.

References

https://github.com/nanomq/nanomq/security/advisories/GHSA-w4rh-v3h2-j29x x_refsource_CONFIRM
https://github.com/nanomq/NanoNNG/pull/1405 x_refsource_MISC
https://github.com/nanomq/NanoNNG/commit/e80b30bad6d855593a68d18f2785bfaca6faf09e x_refsource_MISC
https://github.com/nanomq/nanomq/releases/tag/0.24.8 x_refsource_MISC

Affected products

nanomq

==< 0.24.8

Matching in nixpkgs

pkgs.nanomq

Ultra-lightweight and blazing-fast MQTT broker for IoT edge

nixos-unstable 0.24.11
- nixpkgs-unstable 0.24.11
- nixos-unstable-small 0.24.11
nixos-25.11 0.24.10
- nixos-25.11-small 0.24.10
- nixpkgs-25.11-darwin 0.24.10

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>

Fixed in https://github.com/nixos/nixpkgs/pull/496947 and https://github.com/NixOS/nixpkgs/pull/497323