CVE-2024-5991 Buffer overread in domain name matching

2024-08-2718:33:27

CWE-125

wolfSSL

www.cve.org

buffer overread

matchdomainname

x509_check_host

wolfssl

security issue

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

EPSS

0.001

Percentile

17.7%

JSON

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "wolfSSL",
    "vendor": "wolfSSL",
    "versions": [
      {
        "lessThanOrEqual": "5.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "release bundle"
      }
    ]
  }
]