EMQ NanoMQ
cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*
- 0.17.5
A denial-of-service vulnerability has been identified in NanoMQ version 0.17.5. The issue arises in the publish handler component, where a segmentation fault can be triggered by sending a crafted PUBLISH message. This flaw causes the NanoMQ server to crash, disrupting service.
Exploitation of this vulnerability leads to a segmentation fault, causing the NanoMQ server to crash and become unresponsive.
The vulnerability can be reproduced by sending a specific PUBLISH message that triggers a segmentation fault in the NanoMQ server. This can be done using the 'nc' (netcat) command to send the crafted message over the MQTT protocol. The server will crash upon receiving the message.
Users can update to the latest version of NanoMQ, as this vulnerability has been fixed in version 0.17.6.