PT-2021-11957 · Wolfssl+1 · Wolfssl+1

Sparkidev

Published

2021-01-06

Updated

2021-02-03

CVE-2020-36177

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 4.6.0

Description: The issue is related to the RsaPad PSS function in the wolfcrypt/src/rsa.c file, which has an out-of-bounds write for certain relationships between key size and digest size.

Recommendations: For versions prior to 4.6.0, update to version 4.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the RsaPad PSS function until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2021-1202

CVE-2020-36177

Affected Products

Alt Linux

Wolfssl

PT-2021-11957 · Wolfssl+1 · Wolfssl+1

CVE-2020-36177

Weakness Enumeration

Related Identifiers

Affected Products

References · 14