{"id":"CVE-2021-40829","details":"Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.","aliases":["GHSA-743r-5g92-5vgf","PYSEC-2021-862"],"modified":"2026-04-11T18:45:33.635875Z","published":"2021-11-23T00:15:07.327Z","references":[{"type":"WEB","url":"https://github.com/awslabs/aws-c-io/"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-cpp-v2"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-java-v2"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-js-v2"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-python-v2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aws/aws-iot-device-sdk-cpp-v2","events":[{"introduced":"0"},{"fixed":"0e97b7b9f6b4e6084f937e7629c564101a6703a1"},{"introduced":"0"},{"fixed":"efa3dc2d4a98f9be3470c5b1d6f20ea509599217"},{"introduced":"0"},{"fixed":"efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"introduced":"0"},{"fixed":"b425c9595a0ca88f6ba909e81f9ea0553cd2295c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.2"},{"introduced":"0"},{"fixed":"1.5.3"},{"introduced":"0"},{"fixed":"1.6.1"},{"introduced":"0"},{"fixed":"1.12.7"}]}}],"versions":["v0.1.1","v0.1.2","v0.1.3","v1.0","v1.1"
,"v1.10.0","v1.10.1","v1.10.2","v1.10.3","v1.10.4","v1.10.5","v1.10.6","v1.10.7","v1.10.8","v1.10.9","v1.11.0","v1.12.0","v1.12.1","v1.12.2","v1.12.3","v1.12.4","v1.12.5","v1.12.6","v1.2","v1.3","v1.4","v1.4.1","v1.4.2","v1.4.3","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.6.0","v1.6.1","v1.6.2","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.8.0","v1.8.1","v1.8.2","v1.8.3","v1.8.4","v1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40829.json","vanir_signatures_modified":"2026-04-11T18:45:33Z"}}],"
schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}