{"id":"CVE-2021-45938","details":"wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).","modified":"2026-02-17T07:16:31.188810Z","published":"2022-01-01T01:15:08.833Z","references":[{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39056"},{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1353.yaml"},{"type":"ADVISORY","url":"https://github.com/wolfSSL/wolfMQTT/commit/84d4b53122e0fa0280c7872350b89d5777dabbb2"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39056"},{"type":"FIX","url":"https://github.com/wolfSSL/wolfMQTT/commit/84d4b53122e0fa0280c7872350b89d5777dabbb2"},{"type":"EVIDENCE","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39056"},{"type":"EVIDENCE","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1353.yaml"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfmqtt","events":[{"introduced":"0"},{"fixed":"84d4b53122e0fa0280c7872350b89d5777dabbb2"}]}],"versions":["v0.10","v0.11","v0.12","v0.13","v0.14","v0.2","v0.2-dist","v0.3","v0.4","v0.5","v0.6","v0.8","v0.9","v1.0","v1.1.0","v1.2","v1.3.0","v1.4","v1.6","v1.7","v1.8","v1.9"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["280277640168772996348933106240497287098","120079499844175725862248008020683433689","47346730709629407828913387344300580063","79204163782737757014109719066411078623","120803118586187991233588399328252326413"],"threshold":0.9},"target":{"file":"src/mqtt_client.c"},"signature_type":"Line","source":"https://github.com/wolfssl/wolfmqtt/commit/84d4b53122e0fa0280c7872350b89d5777dabbb2","deprecated":false,"signature_version":"v1","id":"CVE-2021-45938-3c4f0149"},{"digest":{"length":3755,"function_hash":"329802369575170683440296892229791015484"},"target":{"function":"MqttClient_WaitType","file":"src/mqtt_client.c"},"signature_type":"Function","source":"https://github.com/wolfssl/wolfmqtt/commit/84d4b53122e0fa0280c7872350b89d5777dabbb2","deprecated":false,"signature_version":"v1","id":"CVE-2021-45938-7e8fea99"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-45938.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}