CNNVD-202512-4853 Information

CNNVD ID

CNNVD-202512-4853

Related CVE

CVE-2025-59946

• CNNVD Published: 2025-12-27

Description (Chinese)

NanoMQ是美国EMQ开源的一款用于物联网边缘平台的轻量级快速 MQTT Broker。 NanoMQ 0.24.2之前版本存在资源管理错误漏洞，该漏洞源于订阅信息列表存在数据竞争问题，可能导致堆释放后重用崩溃。

Description (English)

NanoMQ is a lightweight fast MQTT Broker for the EEMQ open source in the United States of America. The previous version of NanoMQ 0.24.2 had a resource management error loophole, which stemmed from data competition problems in subscription lists, which could lead to the re-use of piles after release.

Hazard Level

Medium

Vulnerability Type

资源管理错误

Affected Vendor

EMQ

Published

2025-12-27

Last Modified

2026-02-24

References

https://github.com/nanomq/nanomq/security/advisories/GHSA-xg37-23w7-72p5 https://github.com/nanomq/nanomq/issues/1863 https://access.redhat.com/security/cve/cve-2025-59946

Patch

https://nanomq.io/downloads