CRITICAL🇵🇱 Wersja polska

CVE-2024-5991

CVSS 10.0v4.0pub. 2024-08-27upd. 2024-09-06

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

🤖 AI Analysis
How it works

The MatchDomainName() function treats the passed str parameter as a NULL-terminated string, even though this data is supplied by the user and is not validated. The X509_check_host() function accepts a pointer and buffer length without requiring NULL termination. If the caller passes a buffer that is not NULL-terminated, the code will read memory beyond the input array boundaries until it encounters such a character. This leads to a classic CWE-125 vulnerability — out-of-bounds read.

Impact

An attacker can trigger a read operation from outside the permitted memory area, which may reveal sensitive information or in extreme cases lead to application instability. Considering the maximum CVSS score of 10.0, the vulnerability may have a critical impact on system confidentiality, integrity, and availability.

Mitigation & patch

Update the WolfSSL library to a version containing the patch available in pull request #7604 in the project repository on GitHub. If updating is not possible, ensure that all data passed to the X509_check_host() function is properly NULL-terminated on the caller's side.

Who is affected

WolfSSL in all versions up to and including 5.7.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Wolfssl

    APP
    Wolfssl
    ≤ 5.7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-5194CRITICAL9.3PL ✓ten sam produkt

WolfSSL: nieprawidłowa weryfikacja rozmiaru skrótu w certyfikatach ECDSA

CVE-2023-3724CRITICAL9.1ten sam produkt

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connect...

CVE-2022-42905CRITICAL9.1ten sam produkt

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious ...

CVE-2022-23408CRITICAL9.1ten sam produkt

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AE...

CVE-2021-37155CRITICAL9.8ten sam produkt

wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP ...