CNNVD-202512-2621 Information

CNNVD ID

CNNVD-202512-2621

Related CVE

CVE-2025-59947

• CNNVD Published: 2025-12-15

Description (Chinese)

NanoMQ是美国EMQ开源的一款用于物联网边缘平台的轻量级快速 MQTT Broker。 NanoMQ 0.24.4之前版本存在安全漏洞，该漏洞源于PUBLISH数据包触发共享订阅和普通订阅时存在缓冲区溢出。

Description (English)

NanoMQ is a lightweight fast MQTT Broker for the EEMQ open source in the United States of America. There was a security loophole in the pre-NanoMQ 0.24 that resulted from a buffer zone spill when the PUBLISH package triggered shared subscriptions and regular subscriptions.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

EMQ

Published

2025-12-15

Last Modified

2026-02-24

References

https://github.com/nanomq/nanomq/security/advisories/GHSA-98f4-cmg8-x7f3 https://github.com/nanomq/nanomq/issues/2110 https://github.com/nanomq/nanomq/commit/5f5581054bb92f102cf99251e8af2f43763d457b https://access.redhat.com/security/cve/cve-2025-59947

Patch

https://nanomq.io/downloads