#VU50252 Out-of-bounds write in wolfSSL - CVE-2020-36177

Cybersecurity Help s.r.o.

Published: 2021-01-06 | Updated: 2021-02-02

Vulnerability identifier: #VU50252

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-36177

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
wolfSSL
Universal components / Libraries / Libraries used by multiple products

Vendor: wolfSSL

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input for certain relationships between key size and digest size within the RsaPad_PSS() function in wolfcrypt/src/rsa.c in wolfSSL. A remote attacker can send specially crafted data to the application, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

wolfSSL: 2.0.3 - 4.5.0

External links
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7
https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
https://github.com/wolfSSL/wolfssl/pull/3426
https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in OpenWrt wolfSSL implementation

Remote code execution in wolfSSL