CVE-2024-0901 — Improper Validation of Array Index in Wolfssl

CWE-129 — Improper Validation of Array Index5 documents5 sources

Severity

9.1CRITICALNVD

EPSS

0.3%

top 46.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azl3 Mariadb 10.11.6-3 ON Azure Linux 3.0 +5 more

Timeline

PublishedMar 25

Latest updateMar 26

Description

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages9 packages

▶debiandebian/wolfssl< wolfssl 5.7.0-0.3 (forky)

▶Debianwolfssl/wolfssl< 5.7.0-0.3+1

▶NVDwolfssl/wolfssl3.12.2 — 5.6.6

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qrv4-68mg-fv43: Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet wi↗2024-03-26

▶

OSV

CVE-2024-0901: Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet wi↗2024-03-25

▶

📋Vendor Advisories

Microsoft

SEGV and out of bounds memory read from malicious packet↗2024-03-12

▶

Debian

CVE-2024-0901: wolfssl - Remotely executed SEGV and out of bounds read allows malicious packet sender to ...↗2024

▶