漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Vulnerability Description
In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
wolfSSL(CyaSSL) 安全漏洞
Vulnerability Description
wolfSSL(CyaSSL)是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL(CyaSSL)存在安全漏洞,该漏洞源于TLSX_EchChangeSNI函数无条件设置扩展,可能导致将攻击者控制的publicName附加到共享的WOLFSSL_CTX并触发越界写入。
CVSS Information
N/A
Vulnerability Type
N/A