In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
References
| Link | Resource |
|---|---|
| https://github.com/wolfSSL/wolfssl/issues/2459 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-24T12:12:38
Updated: 2019-09-24T12:12:38
Reserved: 2019-09-24T00:00:00
Link: CVE-2019-16748
NVD Information
Status: Analyzed
Published: 2019-09-24T13:15:10.660
Modified: 2019-09-24T14:50:30.170
Link: CVE-2019-16748
Redhat Information
No data.
CWE