Heap-Based Buffer Overflow Vulnerability in wolfMQTT by wolfSSL
CVE-2021-45939

5.5 MEDIUM

Key Information:

Vendor
Wolfssl
Status
Vendor
CVE Published:
1 January 2022

Summary

wolfMQTT version 1.9 contains a heap-based buffer overflow in the MqttClient_DecodePacket function. The flaw is triggered while MQTT packets are processed in the MqttClient_WaitType and MqttClient_Subscribe operations. Exploiting it could allow an attacker to manipulate memory and execute arbitrary code, compromising the integrity of affected applications. For further details, refer to the project's GitHub commit and the discussions on OSS-Fuzz, which underscore the critical need to update in order to mitigate such risks.

References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
