Main
Vulnerability Database
Exploits
ID:1179 - Exploit for Out-of-bounds write in wolfSSL - CVE-2017-2800
ID:1179 - Exploit for Out-of-bounds write in wolfSSL - CVE-2017-2800
Published: March 18, 2020
Vulnerability identifier: #VU6519
Vulnerability risk: High
CVE-ID: CVE-2017-2800
CWE-ID: CWE-787
Exploitation vector: Remote access
Vulnerable software:
wolfSSL
wolfSSL
Link to public exploit:
Vulnerability description
The vulnerability allows a remote unauthenticated attacker execute arbitrary code or cause DoS condition.
The weakness exists due to improper parsing of X.509 certificates by wolfSSL library. A remote attacker can send specially crafted X.509 certificates, cause an out-of-bounds write by one condition in the wolfSSL_X509_NAME_get_text_by_NID function and execute arbitrary code or cause the application to crash.
Successful exploitation of the vulnerability may result in arbitrary code execution or denial of service.
The weakness exists due to improper parsing of X.509 certificates by wolfSSL library. A remote attacker can send specially crafted X.509 certificates, cause an out-of-bounds write by one condition in the wolfSSL_X509_NAME_get_text_by_NID function and execute arbitrary code or cause the application to crash.
Successful exploitation of the vulnerability may result in arbitrary code execution or denial of service.
Remediation
Update to version 3.11.