CVE-2021-40829
- Source
- https://cve.org/CVERecord?id=CVE-2021-40829
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40829.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-40829
- Aliases
- Published
- 2021-11-23T00:15:07.327Z
- Modified
- 2026-03-20T04:12:26.359730Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.
- References
Affected packages
Git / github.com/aws/aws-iot-device-sdk-cpp-v2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/aws/aws-iot-device-sdk-cpp-v2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.4.2" }, { "introduced": "0" }, { "fixed": "1.5.3" }, { "introduced": "0" }, { "fixed": "1.6.1" }, { "introduced": "0" }, { "fixed": "1.12.7" } ] }
Database specific
vanir_signatures
[
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToUpdateJobExecutionRejected"
},
"deprecated": false,
"digest": {
"function_hash": "98982507890037221679658572369745145578",
"length": 1048.0
},
"id": "CVE-2021-40829-02433620",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToGetPendingJobExecutionsRejected"
},
"deprecated": false,
"digest": {
"function_hash": "165027320789812889561110294641284995884",
"length": 1024.0
},
"id": "CVE-2021-40829-0563dd19",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "identity/source/IotIdentityClient.cpp",
"function": "IotIdentityClient::SubscribeToCreateCertificateFromCsrRejected"
},
"deprecated": false,
"digest": {
"function_hash": "119204228521496104825939341431810880432",
"length": 1017.0
},
"id": "CVE-2021-40829-19e78b14",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToDeleteShadowAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "168598955633068971793766475207198054205",
"length": 1020.0
},
"id": "CVE-2021-40829-1c7488eb",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToDescribeJobExecutionRejected"
},
"deprecated": false,
"digest": {
"function_hash": "196963877185553524189844914571795785944",
"length": 1047.0
},
"id": "CVE-2021-40829-1f773f41",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "identity/source/IotIdentityClient.cpp",
"function": "IotIdentityClient::SubscribeToRegisterThingAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "235476979331085233043846502233954872393",
"length": 1043.0
},
"id": "CVE-2021-40829-3542d9e9",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "identity/source/IotIdentityClient.cpp",
"function": "IotIdentityClient::SubscribeToCreateKeysAndCertificateRejected"
},
"deprecated": false,
"digest": {
"function_hash": "149533778192248836180809290166192774978",
"length": 1008.0
},
"id": "CVE-2021-40829-3b18d8cb",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "identity/source/IotIdentityClient.cpp",
"function": "IotIdentityClient::SubscribeToRegisterThingRejected"
},
"deprecated": false,
"digest": {
"function_hash": "205466917386749728857540082481999305167",
"length": 1043.0
},
"id": "CVE-2021-40829-3b719ff0",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToGetPendingJobExecutionsAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "179459012236201148891526488014547914183",
"length": 1024.0
},
"id": "CVE-2021-40829-3be980a2",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToUpdateShadowRejected"
},
"deprecated": false,
"digest": {
"function_hash": "124594322792865987157686919522901925216",
"length": 1020.0
},
"id": "CVE-2021-40829-465c470e",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToUpdateShadowAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "45705757137795355776969157709594717442",
"length": 1020.0
},
"id": "CVE-2021-40829-48e02777",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Line",
"target": {
"file": "samples/identity/fleet_provisioning/main.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"230342386372089861307242015008058681906",
"205843513893998540448188835325620363332",
"226281338371378335183449550312559773348",
"104525151370226745786379902735580927555"
],
"threshold": 0.9
},
"id": "CVE-2021-40829-566701bc",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToGetShadowAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "127754970515853051586368986135498682091",
"length": 1014.0
},
"id": "CVE-2021-40829-57f3ccb2",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToGetShadowRejected"
},
"deprecated": false,
"digest": {
"function_hash": "280284464166725484113216923362671165459",
"length": 1014.0
},
"id": "CVE-2021-40829-585871a0",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToDeleteShadowRejected"
},
"deprecated": false,
"digest": {
"function_hash": "321260236440234264945357286900376505537",
"length": 1020.0
},
"id": "CVE-2021-40829-8b1b31d8",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToUpdateJobExecutionAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "272587006739776093146036404677076057465",
"length": 1048.0
},
"id": "CVE-2021-40829-8ee3a124",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToStartNextPendingJobExecutionRejected"
},
"deprecated": false,
"digest": {
"function_hash": "208279227132893194073547388285952571735",
"length": 1036.0
},
"id": "CVE-2021-40829-9175f742",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToDescribeJobExecutionAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "175764025898463338423587132025720849811",
"length": 1047.0
},
"id": "CVE-2021-40829-aa3f0dc3",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToShadowDeltaUpdatedEvents"
},
"deprecated": false,
"digest": {
"function_hash": "320295843878709591141891679162648613720",
"length": 1021.0
},
"id": "CVE-2021-40829-adb75bd2",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToStartNextPendingJobExecutionAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "119507636605857984303262600508170755305",
"length": 1036.0
},
"id": "CVE-2021-40829-b3a11124",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "identity/source/IotIdentityClient.cpp",
"function": "IotIdentityClient::SubscribeToCreateKeysAndCertificateAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "100514015869796908044356247118439867718",
"length": 1008.0
},
"id": "CVE-2021-40829-bc3f6097",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToJobExecutionsChangedEvents"
},
"deprecated": false,
"digest": {
"function_hash": "97296809749017624097468165779185895683",
"length": 1001.0
},
"id": "CVE-2021-40829-c1983947",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Line",
"target": {
"file": "jobs/source/IotJobsClient.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"326167592057099830353828072313645830554",
"293054556881763588616670124924108480901",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"93219863306673762155482642015259886669",
"24429932077257745333730642339986854739",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"329391610494058956356507258073953074708",
"222873449058409410848483793322770967601",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"313241844359076564971476835519119976665",
"49963589851800492066188496962267192276",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"262902014855978204820465011655632934817",
"140084750252220336630716056001226161155",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"58479910732062550271169293821040115855",
"275870513201740203937893570879252091376",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"336919288081763814885191775221718528694",
"101094198999562965589136156484451445157",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"183214338663794710452991886866118130182",
"134118649328838544619370072461283173323",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"80172308949506630077423600372964550395",
"242763020377057416413157268746801517053",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"170933778762927186644261539823749910259",
"284548306774200684555354211869914366712",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398"
],
"threshold": 0.9
},
"id": "CVE-2021-40829-d6c9a503",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "shadow/source/IotShadowClient.cpp",
"function": "IotShadowClient::SubscribeToShadowUpdatedEvents"
},
"deprecated": false,
"digest": {
"function_hash": "135225166015258223883669864125251318891",
"length": 1020.0
},
"id": "CVE-2021-40829-dc5eea30",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Line",
"target": {
"file": "shadow/source/IotShadowClient.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"153301192323699787610308551928351794069",
"231799229138906612903889631659796938528",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"127203748230272958985250685959194466717",
"152672871023276082668341893493015720616",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"240740098531191759705265081101498187186",
"122072058802475952200720257039220955666",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"23532137193705371306399471280809154088",
"92493570082685903641755354578384277181",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"327555065746989319291274580235782006197",
"53118516227897917220388385616513989785",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"145456478191364842358773980437785219925",
"145257614270874795375547770223730671180",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"72988191512902427239038586954578820294",
"106376054005516871088973189801140191822",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"313387830453111040804460504182177801746",
"322925350023021315304788346643354183943",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398"
],
"threshold": 0.9
},
"id": "CVE-2021-40829-e2af83ae",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Line",
"target": {
"file": "identity/source/IotIdentityClient.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"331930385137325414295218273715334122388",
"324877662300095167131174494618409772811",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"228889239507695077299663775706632483854",
"238012712210270684826994199402292516922",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"9550196507415204210268687641614470847",
"126743438397327513184449791748918818973",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"138041169733595194662322004251494144785",
"304507540854630181610144898923044349045",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"225551886425931129654106639982372836482",
"39719292845961785162398473468139688238",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398",
"256381315492775329837280087712636651575",
"225626166415092878286089914513984858904",
"111810885248206201112539425570142587712",
"70216524490123261033673792898970622398"
],
"threshold": 0.9
},
"id": "CVE-2021-40829-ea462cda",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "jobs/source/IotJobsClient.cpp",
"function": "IotJobsClient::SubscribeToNextJobExecutionChangedEvents"
},
"deprecated": false,
"digest": {
"function_hash": "661852147991210602325930671757844501",
"length": 1009.0
},
"id": "CVE-2021-40829-f2c35424",
"signature_version": "v1"
},
{
"source": "https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba",
"signature_type": "Function",
"target": {
"file": "identity/source/IotIdentityClient.cpp",
"function": "IotIdentityClient::SubscribeToCreateCertificateFromCsrAccepted"
},
"deprecated": false,
"digest": {
"function_hash": "138688871704542781044840709501230477974",
"length": 1017.0
},
"id": "CVE-2021-40829-f5cc599e",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40829.json"