Malicious Packet Sender Can Crash or Cause Out of Bounds Read
CVE-2024-0901

7.5HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 March 2024

What is CVE-2024-0901?

The vulnerability presents a risk of remotely executed SEGV and out of bounds read, which allows attackers to cause intentional crashes or access invalid memory segments. This exploit occurs through the transmission of malformed packets that adhere to specific length requirements. As a result, it poses a significant security risk for servers and applications utilizing affected wolfSSL versions. Proper validation of incoming packets is crucial to mitigate potential exploitation.

Affected Version(s)

wolfSSL 3.12.2 <= 5.6.6

References

https://github.com/wolfSSL/wolfssl/issues/7089

https://github.com/wolfSSL/wolfssl/pull/7099

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2024
Vulnerability Reserved
Jan 25, 2024

Credit

Jiamin Yu

Wolfssl

What is CVE-2024-0901?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit