CVE-2017-2800
First published: Wed May 24 2017(Updated: )
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| wolfSSL wolfMQTT | <=3.10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2800?
CVE-2017-2800 is considered a high severity vulnerability due to its potential for denial of service and remote code execution.
How do I fix CVE-2017-2800?
To mitigate CVE-2017-2800, upgrade wolfSSL to version 3.10.3 or later.
What types of vulnerabilities are associated with CVE-2017-2800?
CVE-2017-2800 can result in certificate validation vulnerabilities, denial of service, and possible remote code execution.
Which versions of wolfSSL are affected by CVE-2017-2800?
All versions of wolfSSL up to and including 3.10.2 are affected by CVE-2017-2800.
What kind of attack can exploit CVE-2017-2800?
An attacker can exploit CVE-2017-2800 by supplying a specially crafted x509 certificate.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- vendor/wolfssl
- canonical/wolfssl wolfmqtt
- version/wolfssl wolfmqtt/3.10.2