Vulnerabilities > CVE-2020-36177 - Out-of-bounds Write vulnerability in Wolfssl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
- https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7
- https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7
- https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
- https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
- https://github.com/wolfSSL/wolfssl/pull/3426
- https://github.com/wolfSSL/wolfssl/pull/3426
- https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable