← Back
2025-12-27 0:40CVE-2025-59946GitHub_M
PUBLISHED5.2CWE-416

NanoMQ has a Use After Free vulnerability via sub info list

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.

Problem type

Affected products

nanomq

nanomq

< 0.24.4 - AFFECTED

References

https://github.com/nanomq/nanomq/security/advisories/GHSA-xg37-23w7-72p5

https://github.com/nanomq/nanomq/security/advisories/GHSA-xg37-23w7-72p5

x_refsource_CONFIRM
https://github.com/nanomq/nanomq/issues/1863

https://github.com/nanomq/nanomq/issues/1863

x_refsource_MISC

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-59946
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-59946",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2025-12-27T00:40:51.122Z",
    "dateReserved": "2025-09-23T14:33:49.506Z",
    "datePublished": "2025-12-27T00:40:51.122Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2025-12-27T00:40:51.122Z"
      },
      "title": "NanoMQ has a Use After Free vulnerability via sub info list",
      "descriptions": [
        {
          "lang": "en",
          "value": "NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2."
        }
      ],
      "affected": [
        {
          "vendor": "nanomq",
          "product": "nanomq",
          "versions": [
            {
              "version": "< 0.24.4",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-416: Use After Free",
              "cweId": "CWE-416",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-xg37-23w7-72p5",
          "name": "https://github.com/nanomq/nanomq/security/advisories/GHSA-xg37-23w7-72p5",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        },
        {
          "url": "https://github.com/nanomq/nanomq/issues/1863",
          "name": "https://github.com/nanomq/nanomq/issues/1863",
          "tags": [
            "x_refsource_MISC"
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH"
          }
        }
      ]
    }
  }
}