CVE-2024-5991 — Out-of-bounds Read in Wolfssl

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

0.1%

top 70.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azl3 Mariadb 10.6.9-6 ON Azure Linux 3.0 +5 more

Timeline

PublishedAug 27

Description

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages9 packages

▶debiandebian/wolfssl< wolfssl 5.7.2-0.1 (forky)

▶Debianwolfssl/wolfssl< 5.7.2-0.1+1

▶NVDwolfssl/wolfssl5.7.0

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2024-5991: In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked↗2024-08-27

▶

GHSA

GHSA-jwjf-h4v6-qrpp: In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked↗2024-08-27

▶

📋Vendor Advisories

Microsoft

Buffer overread in domain name matching↗2024-08-13

▶

Debian

CVE-2024-5991: wolfssl - In function MatchDomainName(), input param str is treated as a NULL terminated s...↗2024

▶