Malicious Packet Sender Can Crash or Cause Out of Bounds Read
CVE-2024-0901

7.5HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 March 2024

Summary

The vulnerability presents a risk of remotely executed SEGV and out of bounds read, which allows attackers to cause intentional crashes or access invalid memory segments. This exploit occurs through the transmission of malformed packets that adhere to specific length requirements. As a result, it poses a significant security risk for servers and applications utilizing affected wolfSSL versions. Proper validation of incoming packets is crucial to mitigate potential exploitation.

Affected Version(s)

wolfSSL 3.12.2 <= 5.6.6

References

https://github.com/wolfSSL/wolfssl/issues/7089

https://github.com/wolfSSL/wolfssl/pull/7099

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 25, 2024
Vulnerability Reserved
Jan 25, 2024

Credit

Jiamin Yu