PT-2020-7639 · Wolfssl · Cyassl
Ivan Fratric
·
Published
2020-01-28
·
Updated
2020-02-04
·
CVE-2014-2897
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
wolfSSL CyaSSL versions 2.5.0 through 2.9.3
Description
The SSL 3 HMAC functionality does not check the padding length when verification fails, allowing remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
Recommendations
For versions 2.5.0 through 2.9.3, update to version 2.9.4 or later to resolve the issue.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cyassl