Your submission was sent successfully! Close

CVE-2019-18840

Published: 09 November 2019

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
wolfssl
Launchpad, Ubuntu, Debian
Upstream
Released (4.2.0+dfsg-3)
Ubuntu 20.04 LTS (Focal Fossa)
Released (4.2.0+dfsg-3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/wolfSSL/wolfssl/commit/52f28bd5149360f8e3bf8ca13d3fb9a77283df7c