Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
wolfSSL 缓冲区错误漏洞
Vulnerability Description
wolfSSL(前称CyaSSL)是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL 4.1.0版本至4.2.0c版本中的wolfcrypt/src/asn.c文件的GetName的DecodedCert结构存在缓冲区错误漏洞,该漏洞源于程序没有正确处理域名位置的索引。远程攻击者可借助特制证书利用该漏洞在内存重新分配期间导致拒绝服务(崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A