Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FlashMQ does not release memory of queued QoS messages
Vulnerability Description
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon (eventual) session expiration. Version 1.23.2 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
对已超过有效生命周期的资源丧失索引
Vulnerability Title
FlashMQ 安全漏洞
Vulnerability Description
FlashMQ是Wiebe Cazemier个人开发者的一个快速轻量级的MQTT代理服务器。 FlashMQ 1.23.2之前版本存在安全漏洞,该漏洞源于认证用户可创建会话并收集QoS消息,可能导致资源未释放。
CVSS Information
N/A
Vulnerability Type
N/A