First published: Tue Jan 28 2020
wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WolfSSL wolfssl | <2.9.0 | |
The vulnerability ID of this security issue is CVE-2014-2898.
The severity of CVE-2014-2898 is critical, with a severity value of 9.8.
wolfSSL CyaSSL versions up to 2.9.0 are affected by CVE-2014-2898.
CVE-2014-2898 allows remote attackers to trigger an out-of-bounds read, leading to unspecified impact.
References for CVE-2014-2898: [1](http://seclists.org/oss-sec/2014/q2/126), [2](http://seclists.org/oss-sec/2014/q2/130), [3](http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html).