Wiz
Vulnerability DatabaseCVE-2021-45936

CVE-2021-45936
Homebrew vulnerability analysis and mitigation

Overview

wolfSSL wolfMQTT 1.9 contains a heap-based buffer overflow vulnerability in MqttDecodeDisconnect function (called from MqttClientDecodePacket and MqttClient_WaitType). The vulnerability was discovered through OSS-Fuzz testing (OSS-Fuzz Issue).

Technical details

The vulnerability is classified as a heap-based buffer overflow WRITE operation occurring in the MqttDecodeDisconnect function. The issue is triggered when processing MQTT disconnect packets through the call chain of MqttClientDecodePacket and MqttClient_WaitType functions. The severity is rated as HIGH according to the ecosystem-specific assessment (OSS-Fuzz Vuln).

Impact

A heap-based buffer overflow vulnerability can lead to memory corruption, potentially allowing attackers to execute arbitrary code or cause denial of service conditions. The vulnerability affects the core MQTT protocol handling functionality, which could impact any application using the wolfMQTT library (OSS-Fuzz Vuln).

Mitigation and workarounds

The vulnerability has been fixed in commit 84d4b53122e0fa0280c7872350b89d5777dabbb2. Users should upgrade to a version of wolfMQTT that includes this fix. The vulnerability was introduced in commit 237f693c5731dcbd6adc9de69d9f575421c4414e (OSS-Fuzz Vuln).

Additional resources

SourceThis report was generated using AI

Related Homebrew vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-66222CRITICAL9.6
  • HomebrewHomebrew
  • deepchat
NoNoDec 03, 2025
CVE-2025-12819HIGH8.1
  • NixOSNixOS
  • pgbouncer
NoYesDec 03, 2025
CVE-2025-66548MEDIUM5.5
  • HomebrewHomebrew
  • deck
NoYesDec 05, 2025
CVE-2025-65105MEDIUM5.3
  • NixOSNixOS
  • apptainer
NoYesDec 02, 2025
CVE-2025-66557MEDIUM4.3
  • HomebrewHomebrew
  • deck
NoYesDec 05, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo