Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
wolfSSL CyaSSL 缓冲区错误漏洞
Vulnerability Description
wolfSSL(前称CyaSSL)是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL CyaSSL 2.5.0及之后版本(2.9.4版本已修复)中的SSL 3 HMAC功能存在缓冲区错误漏洞,该漏洞源于程序没有正确验证填充长度。远程攻击者可借助特制HMAC利用该漏洞导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A