Jakub Botwicz

**Name of the Vulnerable Software and Affected Versions** wolfSSL versions 4.1.0 through 4.2.0c **Description** The issue arises from missing sanity checks of memory accesses in parsing ASN.1 certificate data during handshaking. Specifically, a one-byte heap-based buffer overflow occurs inside the DecodedCert structure in the GetName function in wolfcrypt/src/asn.c. This happens because the domain name location index is mishandled, leading to a pointer being overwritten and resulting in an invalid free. **Recommendations** For wolfSSL versions 4.1.0 through 4.2.0c, consider updating to a version that includes the necessary sanity checks for memory accesses in parsing ASN.1 certificate data to prevent the heap-based buffer overflow. As a temporary workaround, consider restricting the use of the GetName function in wolfcrypt/src/asn.c until a patch is available.