CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16748
https://notcve.org/view.php?id=CVE-2019-16748
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. En wolfSSL versiones hasta 4.1.0, se presenta una falta de comprobación de saneamiento de los accesos a la memoria en el análisis de los datos del certificado ASN.1 durante el protocolo de negociación (handshaking). Específicamente, se presenta una lectura excesiva de búfer en la región heap de la memoria de un byte en la función CheckCertSignature_ex en el archivo wolfcrypt/src/asn.c. • https://github.com/wolfSSL/wolfssl/issues/2459 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15651
https://notcve.org/view.php?id=CVE-2019-15651
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. wolfSSL versión 4.1.0, presenta una lectura excesiva de búfer en la región heap de la memoria por un byte en la función DecodeCertExtensions en el archivo wolfcrypt/src/asn.c porque la lectura del byte ASN_BOOLEAN no es manejada correctamente por un certificado DER especialmente diseñado en GetLength_ex. • https://github.com/wolfSSL/wolfssl/issues/2421 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2019-11873
https://notcve.org/view.php?id=CVE-2019-11873
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. • http://www.securityfocus.com/bid/108466 https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842 https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdf • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6439
https://notcve.org/view.php?id=CVE-2019-6439
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. examples/benchmark/tls_bench.c en una herramienta de benchmarking en wolfSSL hasta la versión 3.15.7 tiene un desbordamiento de búfer basado en memoria dinámica (heap). • http://www.securityfocus.com/bid/106640 https://github.com/wolfSSL/wolfssl/issues/2032 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16870
https://notcve.org/view.php?id=CVE-2018-16870
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. Se ha detectado que wolfssl, en versiones anteriores a la 3.15.7, es vulnerable a una nueva variante del ataque Bleichenbacher para realizar ataques de degradación contra TLS. Esto podría provocar el filtrado de datos sensibles. • http://cat.eyalro.net https://github.com/wolfSSL/wolfssl/pull/1950 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •