CVE-2019-16748
First published: Tue Sep 24 2019(Updated: )
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WolfSSL wolfssl | <=4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-16748.
What is the severity of CVE-2019-16748?
The severity of CVE-2019-16748 is critical with a CVSS score of 9.8.
What is the affected software?
The affected software is Wolfssl version up to and including 4.1.0.
Which component of Wolfssl is affected by CVE-2019-16748?
The component affected by CVE-2019-16748 is CheckCertSignature_ex in wolfcrypt/src/asn.c.
Is there a fix available for CVE-2019-16748?
Yes, the fix for CVE-2019-16748 is available. It is recommended to update to a version of Wolfssl that is higher than 4.1.0.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wolfssl
- canonical/wolfssl wolfssl
- version/wolfssl wolfssl/4.1.0