In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
CPE | Name | Operator | Version |
---|---|---|---|
wolfssl | eq | 3.8.0 | |
wolfssl | eq | 3.6.9b | |
wolfssl | eq | 4.1.0-stable | |
wolfssl | eq | 2.0rc2 | |
wolfssl | eq | 3.12.0-stable | |
wolfssl | eq | 3.6.9d | |
wolfssl | eq | 2.0.6 | |
wolfssl | eq | 3.15.5-stable | |
wolfssl | eq | 3.13.0-stable | |
wolfssl | eq | 2.2.1 |