Unrated severityNVD Advisory· Published Nov 9, 2019· Updated Aug 5, 2024
CVE-2019-18840
CVE-2019-18840
Description
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/wolfSSL/wolfssl/issues/2555mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.