Heap-Based Buffer Overflow in wolfMQTT by wolfSSL
CVE-2021-45934

5.5MEDIUM

Key Information:

Vendor
Wolfssl
Status
WolfMQtt
Vendor
CVE Published:
1 January 2022

Summary

The vulnerability in wolfMQTT version 1.9 is attributed to a heap-based buffer overflow in the function MqttClient_DecodePacket, which is invoked by MqttClient_HandlePacket and MqttClient_WaitType. This issue may allow an attacker to exploit memory management flaws, potentially leading to unauthorized access or abnormal application behavior. It is crucial for users and developers utilizing wolfMQTT to review their systems and apply any patches or updates to mitigate this risk.

References

https://github.com/wolfSSL/wolfMQTT/commit/84d4b53122e0fa...
x_refsource_MISC
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/...
x_refsource_MISC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38146
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.