First published: Wed Jan 06 2021(Updated: )
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WolfSSL wolfssl | <4.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-36177 is a vulnerability in wolfSSL before version 4.6.0 that allows an out-of-bounds write in RsaPad_PSS function.
The severity of CVE-2020-36177 is critical (CVSS score: 9.8).
CVE-2020-36177 affects wolfSSL versions up to but excluding 4.6.0.
To fix CVE-2020-36177, update wolfSSL to version 4.6.0 or newer.