[Security] UAF and SEGV on NanoMQ 0.22.4 #1861
Labels
Investigation
quiestion remains ambiguous
Comments
|
There is a known bug in newly added prefix/suffix feature, I guess that's what you just hit. You can share any security issue Via Our slack channel or PM me there. Join me on Slack -- it’s a faster, simpler way to work. Sign up here, from any device: https://join.slack.com/t/emqx/shared_invite/zt-2ntpicu1z-i1eBr6T7WwdMAD62TxqYwA |
JaylinYu
changed the title
|
let's continue session on slack. or plz post your poc data here. |
|
Sure, we made some final checks and will contact you shortly on Slack. |
JaylinYu
added a commit
to nanomq/NanoNNG
that referenced
this issue
Aug 12, 2024
two bugs hidden under it. uncared proto_Data in retain msg another one is still suspicous, remoing pipe from a lock protected sendq caused SEGV. Signed-off-by: jaylin <jaylin@emqx.io>
JaylinYu
added a commit
to nanomq/NanoNNG
that referenced
this issue
Aug 12, 2024
two bugs hidden under it. uncared proto_Data in retain msg another one is still suspicous, remoing pipe from a lock protected sendq caused SEGV. Signed-off-by: jaylin <jaylin@emqx.io>
JaylinYu
added a commit
that referenced
this issue
Aug 12, 2024
Signed-off-by: jaylin <jaylin@emqx.io>
JaylinYu
added a commit
that referenced
this issue
Aug 12, 2024
Signed-off-by: jaylin <jaylin@emqx.io>
JaylinYu
added a commit
that referenced
this issue
Aug 12, 2024
Signed-off-by: jaylin <jaylin@emqx.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
We have found a heap-use-after-free on NanoMQ 0.22.4. The input we use for that sometimes triggers a segmentation fault instead.
To Reproduce
We have a proof of concept available. As it endangers the security of NanoMQ, we would prefer sharing it privately with you. Do you have a channel for us to do so?
Environment Details
The text was updated successfully, but these errors were encountered: