NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform
A type confusion vulnerability in the NanoMQ MQTT Broker causes invalid object interpretation, leading to close-path hang or crash behavior. This occurs when aio->prov_data is stored as nni_quic_conn* during dialing but read as ex_quic_conn* during dialer close. The root cause is that the dial path and the dialer close path disagree on the type of the object held in aio->prov_data.
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This vulnerability is fixed in 0.24.14.
Administrators of NanoMQ MQTT Broker instances are at medium risk of service disruption or crashes due to this vulnerability, particularly in local attack scenarios.
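The bug class described above, with one generic defense, as an added example that is not NanoMQ's code and not the 0.24.14 fix. The structs, the `kind` tag and `prov_data_as()` are hypothetical stand-ins: every object placed in the untyped slot starts with a type tag, and the close path checks it before casting.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins, NOT NanoMQ's real definitions. */
enum conn_kind { KIND_DIAL_CONN = 0x44434f4e, KIND_EXT_CONN = 0x45434f4e };

struct dial_conn {            /* plays the role of nni_quic_conn */
    uint32_t kind;            /* type tag, always the first member */
    int      stream_fd;
};

struct ext_conn {             /* plays the role of ex_quic_conn */
    uint32_t kind;
    void   (*on_close)(struct ext_conn *);
    int      closed;
};

struct aio { void *prov_data; };   /* untyped slot shared by both paths */

void mark_closed(struct ext_conn *c) { c->closed = 1; }

/* Checked downcast: NULL unless the stored object carries the expected tag. */
static void *prov_data_as(const struct aio *a, uint32_t want)
{
    if (a == NULL || a->prov_data == NULL)
        return NULL;
    /* Valid read: a struct pointer may be converted to its first member. */
    uint32_t got = *(const uint32_t *)a->prov_data;
    return got == want ? a->prov_data : NULL;
}

/* Close path: 0 on success, -1 if the slot holds a different type. */
int dialer_close(struct aio *a)
{
    struct ext_conn *c = prov_data_as(a, KIND_EXT_CONN);
    if (c == NULL)
        return -1;            /* fail safe instead of calling through garbage */
    c->on_close(c);
    a->prov_data = NULL;
    return 0;
}

int main(void)
{
    struct dial_conn d = { KIND_DIAL_CONN, 7 };   /* constructed sample */
    struct aio a = { &d };                        /* dial path stored the "wrong" type */
    return dialer_close(&a) == -1 ? 0 : 1;
}
```

Without the tag check, the close path would read `stream_fd` and padding as a function pointer, which is the kind of invalid object interpretation that produces a hang or crash.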
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products: 0
References: 3