CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6 High (Confidence: High)
EPSS: 0.004 Low (Percentile: 73.3%)
DESCRIPTION
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. The issue is marked as critical, with a CVSS score of 9.8.
REQUIREMENTS
This is still a work in progress and not much information is available yet, but given the very high CVSS score of 9.8 (10 is the most severe), it is likely that this issue has RCE potential.
MITIGATIONS
You need to update the affected libwolfssl24 package you’re using with the command below.
opkg update; opkg upgrade libwolfssl24
Then verify that you are running the fixed version.
opkg list-installed libwolfssl24
The above command should output the following:
libwolfssl24 - 4.6.0-stable-1 - for stable OpenWrt 19.07 release
libwolfssl24 - 4.6.0-stable-1 - for master/snapshot
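The verification step above can be scripted for checking several devices. The following is an added example, not part of the original advisory: it classifies a line of `opkg list-installed libwolfssl24` output against the fixed version 4.6.0, comparing version fields numerically so that a later release such as 4.10.0 is not misjudged. The function names and the result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify `opkg list-installed libwolfssl24` output
# against the first fixed wolfSSL version named in the advisory.
FIXED_VERSION="4.6.0"

# Extract the upstream x.y.z part from "libwolfssl24 - 4.6.0-stable-1".
wolfssl_upstream_version() {
    printf '%s\n' "$1" | sed -n 's/^libwolfssl24 - \([0-9][0-9.]*\).*$/\1/p'
}

# Return 0 if dotted version $1 >= $2, comparing each field as a number.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        af="${a%%.*}"; bf="${b%%.*}"
        [ "$a" = "$af" ] && a="" || a="${a#*.}"
        [ "$b" = "$bf" ] && b="" || b="${b#*.}"
        af="${af:-0}"; bf="${bf:-0}"
        [ "$af" -gt "$bf" ] && return 0
        [ "$af" -lt "$bf" ] && return 1
    done
    return 0
}

# Print "fixed", "vulnerable", "not-installed" or "unknown" for one line.
check_wolfssl_line() {
    if [ -z "$1" ]; then
        echo "not-installed"   # opkg printed nothing: package absent
        return 0
    fi
    ver="$(wolfssl_upstream_version "$1")"
    if [ -z "$ver" ]; then
        echo "unknown"         # line did not match the expected format
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# On an OpenWrt device, check the installed package; skipped elsewhere.
if command -v opkg >/dev/null 2>&1; then
    check_wolfssl_line "$(opkg list-installed libwolfssl24 2>/dev/null)"
fi
```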
The fix is contained in the following and later versions:
OpenWrt 19.07: 2021-02-02 (fixed by v19.07.6-11-g2044c01de8f2)
OpenWrt master: 2021-01-01 (fixed by reboot-15389-gba40da9045f7)
AFFECTED VERSIONS
To our knowledge, OpenWrt snapshot images are affected. OpenWrt stable release versions 19.07.0 to 19.07.6 are not affected, because the vulnerable libwolfssl24 package is not shipped by default in the official firmware images. Older versions of OpenWrt (e.g. OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end of life and no longer supported.
CREDITS
This issue was found by libFuzzer’s address sanitizer in the OSS-Fuzz project and fixed by Sean Parkinson from the wolfSSL team.