What is the severity of CVE-2024-5991?

The severity of CVE-2024-5991 is currently classified as high due to the potential for denial of service or security bypass.

How do I fix CVE-2024-5991?

To fix CVE-2024-5991, upgrade to a version of wolfSSL later than 5.7.0 that addresses this vulnerability.

What software is affected by CVE-2024-5991?

CVE-2024-5991 affects all versions of wolfSSL up to and including 5.7.0.

What vulnerability does CVE-2024-5991 describe?

CVE-2024-5991 describes a vulnerability in the MatchDomainName() function where unchecked user input is treated as a NULL terminated string.

Can CVE-2024-5991 lead to remote exploitation?

Yes, CVE-2024-5991 has the potential to be exploited remotely due to improper handling of user input.

Vulnerability/
CVE-2024-5991

critical

CWE

125

27/8/2024

6/9/2024

CVE-2024-5991: Buffer overread in domain name matching

First published: Tue Aug 27 2024(Updated: )

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

Credit: facts@wolfssl.com

Affected Software	Affected Version	How to fix
wolfSSL wolfMQTT	<=5.7.0

Remedy

Fixed in the following github pull request https://https://github.com/wolfSSL/wolfssl/pull/7604

Remedy

https://github.com/wolfSSL/wolfssl/pull/7604

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-5991?
The severity of CVE-2024-5991 is currently classified as high due to the potential for denial of service or security bypass.
How do I fix CVE-2024-5991?
To fix CVE-2024-5991, upgrade to a version of wolfSSL later than 5.7.0 that addresses this vulnerability.
What software is affected by CVE-2024-5991?
CVE-2024-5991 affects all versions of wolfSSL up to and including 5.7.0.
What vulnerability does CVE-2024-5991 describe?
CVE-2024-5991 describes a vulnerability in the MatchDomainName() function where unchecked user input is treated as a NULL terminated string.
Can CVE-2024-5991 lead to remote exploitation?
Yes, CVE-2024-5991 has the potential to be exploited remotely due to improper handling of user input.

agent/title
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/references
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
vendor/wolfssl
canonical/wolfssl wolfmqtt
version/wolfssl wolfmqtt/5.7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.