CVE-2019-11873 - wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is gr

CVE-2019-11873

Summary

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack.

References

Vulnerable Configurations

cpe:2.3:a:wolfssl:wolfssl:4.0:-:*:*:*:*:*:*
cpe:2.3:a:wolfssl:wolfssl:4.0:-:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 22-04-2022 - 20:11)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	108466
misc	https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842 https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdf

Last major update

22-04-2022 - 20:11

Published

23-05-2019 - 13:29

Last modified

22-04-2022 - 20:11