### Key Information

#### CVE Number

CVE-2024-42649

#### Vulnerability Type

Memory Leak

#### Affected Version

- NanoMQ 0.22.1
- GIT COMMIT: 70de56cddc87444d120a3a7e477c76a26bca8d56

#### Vulnerability Impact

This vulnerability allows a remote client to trigger a memory leak in NanoMQ 0.22.1 by sending specially crafted MQTT packets. While receiving and processing the malicious input, the broker allocates a message on the heap (`mqtt_msg_new`, reached from `tcpipran_pipe_recv_cb` in the TCP transport receive path) and never releases it, so memory consumption grows with every trigger. The leak can be triggered repeatedly and without authentication, so in long-running deployments it can lead to resource exhaustion and denial of service (DoS).

#### Function Call Stack Information

```plaintext
==38615==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 368 byte(s) in 1 object(s) allocated from:
    #0 0x7f0c31d2fa60 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:143
    #1 0x5559e340888f in nni_zalloc /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/platform/posix_alloc.c:20
    #2 0x5559e33ee3ed in mqtt_msg_new /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/sp/transport/mqtt/core/message.c:408
    #3 0x5559e351567c in tcpipran_pipe_recv_cb /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/sp/transport/mqtt/broker_tcp.c:744
    #4 0x5559e34055fe in nni_taskq_thread /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/core/taskq.c:47
    #5 0x5559e340895f in nni_plat_thread_main /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/platform/posix/posix_thread.c:266
    #6 0x7f0c31c07008 in start_thread (/build/glibc-LicZbx/glibc-2.31/nptl/pthread_create.c:477

Indirect leak of 255 byte(s) in 2 object(s) allocated from:
    #0 0x7f0c31d2fa60 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:143
    #1 0x5559e340888f in nni_zalloc /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/platform/posix_alloc.c:26
    #2 0x5559e33ee3ed in nni_chunk_grow /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/core/message.c:158
    #3 0x5559e33ee3ed in nni_msg_alloc /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/sp/transport/mqtt/core/message.c:188
    #4 0x5559e351567c in tcpipran_pipe_recv_cb /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/sp/transport/mqtt/broker_tcp.c:744
    #5 0x5559e34055fe in nni_taskq_thread /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/core/taskq.c:47
    #6 0x5559e340895f in nni_plat_thread_main /home/songxiangpu/Documents/GitRepository/nanomq/ngg/src/platform/posix/posix_thread.c:266
    #7 0x7f0c31c07008 in start_thread (/build/glibc-LicZbx/glibc-2.31/nptl/pthread_create.c:477

SUMMARY: AddressSanitizer: 255 byte(s) leaked in 2 allocation(s).
```

#### Reproduction Steps

```bash
nanomq start --conf .../etc/nanomq.conf
nc 127.0.0.1 1883 < ./poc.raw
```

The call stack above was captured from a build instrumented with AddressSanitizer. LeakSanitizer prints its report when the process exits, so stop `nanomq` after sending the PoC to see it; on an uninstrumented build the only visible symptom is the broker's growing resident memory.
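The following harness is an added example, not part of the original report or of the NanoMQ project. It replays the reporter's `poc.raw` (assumed to be present in the working directory; its contents are not reproduced here) against a running broker and samples the broker's resident set size between rounds, so the leak shows up as monotonic RSS growth on a production build rather than only in a LeakSanitizer exit report. It assumes Linux (`/proc/<pid>/status`, `pidof`) and a `nc` that exits once stdin is drained; some netcat flavours need `-q 1` or `-N` for that, which is not shown in the original command.

```shell
#!/bin/sh
# Added example (not the reporter's or NanoMQ's code): replay poc.raw
# ROUNDS times and watch the broker's VmRSS. Assumes Linux /proc and a
# nanomq process on the default MQTT port.

HOST=${HOST:-127.0.0.1}
PORT=${PORT:-1883}
POC=${POC:-./poc.raw}        # the reporter's PoC file, assumed present
ROUNDS=${ROUNDS:-200}
SAMPLE_EVERY=${SAMPLE_EVERY:-50}

# Print VmRSS (kB) from a /proc/<pid>/status-style file.
rss_kb() {
    awk '/^VmRSS:/ { print $2 }' "$1"
}

# Send the raw PoC bytes once, exactly as in the reproduction steps.
# Depending on your netcat, add -q 1 (Debian) or -N (OpenBSD) so each
# round returns after stdin hits EOF.
send_poc() {
    nc "$1" "$2" < "$3"
}

# Growth in kB between two samples; stays positive when memory is not
# returned after the connection closes.
rss_growth_kb() {
    echo $(( $2 - $1 ))
}

main() {
    pid=$(pidof nanomq) || { echo "nanomq is not running" >&2; return 1; }
    first=$(rss_kb "/proc/$pid/status")
    i=1
    while [ "$i" -le "$ROUNDS" ]; do
        send_poc "$HOST" "$PORT" "$POC"
        if [ $(( i % SAMPLE_EVERY )) -eq 0 ]; then
            printf 'round %d: VmRSS %s kB\n' "$i" "$(rss_kb "/proc/$pid/status")"
        fi
        i=$(( i + 1 ))
    done
    last=$(rss_kb "/proc/$pid/status")
    printf 'RSS growth over %d rounds: %s kB\n' "$ROUNDS" "$(rss_growth_kb "$first" "$last")"
}

# Run with an explicit "run" argument so the file can also be sourced
# for its helper functions without firing the replay loop.
case "${1:-}" in
    run) main ;;
esac
```

Usage: `sh leakcheck.sh run` (or `ROUNDS=1000 sh leakcheck.sh run`). A healthy broker settles to a stable VmRSS after the first few connections; a reading that keeps climbing in step with the number of rounds is the leak described above, and the per-round growth should roughly match the ~600 bytes reported by LeakSanitizer per trigger.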