Emqx: Security Vulnerabilities
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-05-30
In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-04
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-04
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-04
EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid
CVSS Score
5.3
EPSS Score
0.002
Published
2022-03-28
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-06-08
Page 3