First published: Tue Sep 24 2019(Updated: )
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WolfSSL wolfssl | <=4.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-16748.
The severity of CVE-2019-16748 is critical with a CVSS score of 9.8.
The affected software is Wolfssl version up to and including 4.1.0.
The component affected by CVE-2019-16748 is CheckCertSignature_ex in wolfcrypt/src/asn.c.
Yes, the fix for CVE-2019-16748 is available. It is recommended to update to a version of Wolfssl that is higher than 4.1.0.