CVE-2024-48077
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-04-03
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nanomq | nanomq | 0.22.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-833 | The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-48077 is a Denial of Service (DoS) vulnerability in nanomq version 0.22.7. An attacker can send a large number of crafted MQTT packets to the nanomq broker, causing the recv-q queue to grow rapidly. This leads to excessive consumption of file descriptor resources, exhausting them and causing the nanomq broker to collapse and become unable to provide normal services. [1]
How can this vulnerability impact me? :
This vulnerability can cause the nanomq broker to enter a deadlock state and become unresponsive, resulting in a Denial of Service. This means that normal services provided by the broker will be unavailable, potentially disrupting any systems or applications relying on nanomq for message brokering. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the nanomq process's recv-q queue size and file descriptor usage. A rapid increase in the number of data packets in the recv-q queue or exhaustion of file descriptors indicates a potential attack. Commands such as 'netstat -anp | grep nanomq' to check network connections, and 'lsof -p <nanomq_pid>' to monitor open file descriptors can help detect abnormal behavior. Additionally, monitoring MQTT traffic volume for unusually high packet rates may indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting the rate of incoming MQTT packets to the nanomq broker to prevent recv-q queue overflow, applying network-level filtering or rate limiting to block suspicious traffic, and monitoring file descriptor usage to detect early signs of exhaustion. Updating nanomq to a version that addresses this vulnerability, if available, is also recommended. [1]