CVE-2023-33657: 
NixOS vulnerability analysis and mitigation

A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability was discovered by researchers from the School of Cyber Science and Technology, Shandong University and was assigned CVE-2023-33657 (NVD, GitHub Issue).

The vulnerability is caused by improper data tracing when handling publish messages. When sending a large number of malformed data packets to the server, it may trigger a heap-use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

An attacker could exploit this vulnerability to cause a denial of service attack by crashing the NanoMQ broker. The vulnerability affects the availability of the system while not impacting confidentiality or integrity (NVD).

The vulnerability has been fixed in a patch that addresses the data racing issue by cloning retain messages. The fix was merged through pull request #1187 on April 20, 2023 (GitHub PR).

According to the developer who fixed the issue, this was described as a rarely triggered issue that is hardly seen in real business scenarios (GitHub PR).