Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-45939: oss-fuzz-vulns/OSV-2021-1361.yaml at main · google/oss-fuzz-vulns

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).

CVE
Open in Source
#google#git

Permalink

Cannot retrieve contributors at this time

id: OSV-2021-1361

summary: Heap-buffer-overflow in MqttClient_DecodePacket

details: |

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39103

Crash type: Heap-buffer-overflow WRITE 1

Crash state:

MqttClient_DecodePacket

MqttClient_WaitType

MqttClient_Subscribe

modified: ‘2021-09-23T00:01:42.884551Z’

published: ‘2021-09-23T00:01:42.884344Z’

references:

- type: REPORT

url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39103

affected:

- package:

name: wolfmqtt

ecosystem: OSS-Fuzz

ranges:

- type: GIT

repo: https://github.com/wolfSSL/wolfMQTT.git

events:

- introduced: 237f693c5731dcbd6adc9de69d9f575421c4414e

- fixed: 84d4b53122e0fa0280c7872350b89d5777dabbb2

versions:

- v1.9

ecosystem_specific:

severity: HIGH

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE