CVE-2024-0901 (GCVE-0-2024-0901)

Vulnerability from cvelistv5 – Published: 2024-03-25 22:37 – Updated: 2024-08-01 18:39
VLAI?
Title
SEGV and out of bounds memory read from malicious packet
Summary
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
CWE
  • CWE-129 - Improper Validation of Array Index
Assigner
References
Impacted products
Vendor Product Version
wolfSSL wolfSSL Affected: 3.12.2 , ≤ 5.6.6 (release bundle)
Create a notification for this product.
Credits
Jiamin Yu
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:19.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/wolfSSL/wolfssl/issues/7089"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/wolfSSL/wolfssl/pull/7099"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wolfssl",
            "vendor": "wolfssl",
            "versions": [
              {
                "lessThanOrEqual": "5.6.6",
                "status": "affected",
                "version": "3.12.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0901",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T18:38:31.765222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:39:44.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "wolfSSL",
          "repo": "https://github.com/wolfSSL/wolfssl",
          "vendor": "wolfSSL",
          "versions": [
            {
              "lessThanOrEqual": "5.6.6",
              "status": "affected",
              "version": "3.12.2",
              "versionType": "release bundle"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client.\u00a0If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.\n"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jiamin Yu"
        }
      ],
      "datePublic": "2024-03-20T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\u003cbr\u003e"
            }
          ],
          "value": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-123",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-123 Buffer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T22:37:56.581Z",
        "orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
        "shortName": "wolfSSL"
      },
      "references": [
        {
          "url": "https://github.com/wolfSSL/wolfssl/issues/7089"
        },
        {
          "url": "https://github.com/wolfSSL/wolfssl/pull/7099"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update wolfSSL to 5.7.0 or apply the fix located in:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssl/pull/7099\"\u003ehttps://github.com/wolfSSL/wolfssl/pull/7099\u003c/a\u003e.\u003cbr\u003e"
            }
          ],
          "value": "Update wolfSSL to 5.7.0 or apply the fix located in:\u00a0 https://github.com/wolfSSL/wolfssl/pull/7099 .\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SEGV and out of bounds memory read from malicious packet",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
    "assignerShortName": "wolfSSL",
    "cveId": "CVE-2024-0901",
    "datePublished": "2024-03-25T22:37:56.581Z",
    "dateReserved": "2024-01-25T19:15:43.102Z",
    "dateUpdated": "2024-08-01T18:39:44.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\\n\"}, {\"lang\": \"es\", \"value\": \"SEGV ejecutado de forma remota y lectura fuera de los l\\u00edmites permite que el remitente de paquetes maliciosos falle o provoque una lectura fuera de los l\\u00edmites mediante el env\\u00edo de un paquete con formato incorrecto y con la longitud correcta.\"}]",
      "id": "CVE-2024-0901",
      "lastModified": "2024-11-21T08:47:39.493",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"facts@wolfssl.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.7}]}",
      "published": "2024-03-25T23:15:51.250",
      "references": "[{\"url\": \"https://github.com/wolfSSL/wolfssl/issues/7089\", \"source\": \"facts@wolfssl.com\"}, {\"url\": \"https://github.com/wolfSSL/wolfssl/pull/7099\", \"source\": \"facts@wolfssl.com\"}, {\"url\": \"https://github.com/wolfSSL/wolfssl/issues/7089\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/wolfSSL/wolfssl/pull/7099\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "facts@wolfssl.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"facts@wolfssl.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-129\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0901\",\"sourceIdentifier\":\"facts@wolfssl.com\",\"published\":\"2024-03-25T23:15:51.250\",\"lastModified\":\"2025-12-15T21:42:52.097\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\\n\"},{\"lang\":\"es\",\"value\":\"SEGV ejecutado de forma remota y lectura fuera de los l\u00edmites permite que el remitente de paquetes maliciosos falle o provoque una lectura fuera de los l\u00edmites mediante el env\u00edo de un paquete con formato incorrecto y con la longitud correcta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"facts@wolfssl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"facts@wolfssl.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12.2\",\"versionEndIncluding\":\"5.6.6\",\"matchCriteriaId\":\"EB3742EA-F966-42BE-A46A-54D8B5DE0539\"}]}]}],\"references\":[{\"url\":\"https://github.com/wolfSSL/wolfssl/issues/7089\",\"source\":\"facts@wolfssl.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/wolfSSL/wolfssl/pull/7099\",\"source\":\"facts@wolfssl.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/wolfSSL/wolfssl/issues/7089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/wolfSSL/wolfssl/pull/7099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/wolfSSL/wolfssl/issues/7089\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/wolfSSL/wolfssl/pull/7099\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:18:19.076Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0901\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-01T18:38:31.765222Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*\"], \"vendor\": \"wolfssl\", \"product\": \"wolfssl\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.12.2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.6.6\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-01T18:39:37.698Z\"}}], \"cna\": {\"title\": \"SEGV and out of bounds memory read from malicious packet\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Jiamin Yu\"}], \"impacts\": [{\"capecId\": \"CAPEC-123\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-123 Buffer Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/wolfSSL/wolfssl\", \"vendor\": \"wolfSSL\", \"product\": \"wolfSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.12.2\", \"versionType\": \"release bundle\", \"lessThanOrEqual\": \"5.6.6\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update wolfSSL to 5.7.0 or apply the fix located in:\\u00a0 https://github.com/wolfSSL/wolfssl/pull/7099 .\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update wolfSSL to 5.7.0 or apply the fix located in:\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/wolfSSL/wolfssl/pull/7099\\\"\u003ehttps://github.com/wolfSSL/wolfssl/pull/7099\u003c/a\u003e.\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-03-20T23:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/wolfSSL/wolfssl/issues/7089\"}, {\"url\": \"https://github.com/wolfSSL/wolfssl/pull/7099\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-129\", \"description\": \"CWE-129 Improper Validation of Array Index\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client.\\u00a0If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAffects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIf using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"50d2cd11-d01a-48ed-9441-5bfce9d63b27\", \"shortName\": \"wolfSSL\", \"dateUpdated\": \"2024-03-25T22:37:56.581Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0901\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T18:39:44.207Z\", \"dateReserved\": \"2024-01-25T19:15:43.102Z\", \"assignerOrgId\": \"50d2cd11-d01a-48ed-9441-5bfce9d63b27\", \"datePublished\": \"2024-03-25T22:37:56.581Z\", \"assignerShortName\": \"wolfSSL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.