Lucene search

[email protected]NVD:CVE-2024-5991

HistoryAug 27, 2024 - 7:15 p.m.

CVE-2024-5991

2024-08-2719:15:18

CWE-125

[email protected]

web.nvd.nist.gov

cve-2024-5991

matchdomainname

input param

x509_check_host

null terminated string

unchecked

pointer

length

buffer

beyond bounds

wolfssl

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

Affected configurations

Nvd

Node

wolfsslwolfsslRange≤5.7.0

VendorProductVersionCPE
wolfsslwolfssl*cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wolfssl	wolfssl	*	cpe:2.3:a:wolfssl:wolfssl::::::::

References

github.com/wolfSSL/wolfssl/pull/7604

https://github.com/wolfSSL/wolfssl/pull/7604

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-5991

debiancve1 osv1 cve1 alpinelinux1 cvelist1 ubuntucve1 cbl_mariner2 vulnrichment1 freebsd1 slackware1 openvas1 nessus2