-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] UAF and SEGV on NanoMQ 0.22.4 #1861
Comments
There is a known bug in newly added prefix/suffix feature, I guess that's what you just hit. You can share any security issue Via Our slack channel or PM me there. Join me on Slack -- it’s a faster, simpler way to work. Sign up here, from any device: https://join.slack.com/t/emqx/shared_invite/zt-2ntpicu1z-i1eBr6T7WwdMAD62TxqYwA |
let's continue session on slack. or plz post your poc data here. |
Sure, we made some final checks and will contact you shortly on Slack. |
two bugs hidden under it. uncared proto_Data in retain msg another one is still suspicous, remoing pipe from a lock protected sendq caused SEGV. Signed-off-by: jaylin <jaylin@emqx.io>
two bugs hidden under it. uncared proto_Data in retain msg another one is still suspicous, remoing pipe from a lock protected sendq caused SEGV. Signed-off-by: jaylin <jaylin@emqx.io>
Signed-off-by: jaylin <jaylin@emqx.io>
Signed-off-by: jaylin <jaylin@emqx.io>
Signed-off-by: jaylin <jaylin@emqx.io>
Describe the bug
We have found a heap-use-after-free on NanoMQ 0.22.4. The input we use for that sometimes triggers a segmentation fault instead.
To Reproduce
We have a proof of concept available. As it endangers the security of NanoMQ, we would prefer sharing it privately with you. Do you have a channel for us to do so?
Environment Details
The text was updated successfully, but these errors were encountered: