CVE-2023-33613
Description
axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
axTLS v2.1.5 contains a heap buffer overflow in bi_import while parsing a private key, leading to denial of service.
Vulnerability
axTLS v2.1.5 is affected by a heap buffer overflow vulnerability in the bi_import function in axtls-code/crypto/bigint.c. The bug occurs when parsing a specially crafted private key, causing a read access beyond the allocated heap buffer. This issue exists in the latest release v2.1.5 [1].
Exploitation
An attacker can trigger the vulnerability by supplying a malicious private key file to an axTLS server (e.g., via the -key option). The server will parse the key, leading to a heap buffer overflow. No authentication is required if the attacker can control the private key input [1].
Impact
Successful exploitation causes a heap buffer overflow, resulting in a denial of service (DoS) through an application crash. The overflow is a one-byte out-of-bounds read beyond the heap buffer, as detected by AddressSanitizer, and may also lead to unpredictable behavior [1].
Mitigation
No official patch or fixed version has been released for axTLS v2.1.5 as of the publication date. Users should limit exposure by avoiding the use of untrusted private keys or switching to an alternative TLS library until a fix is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
axTLS/axTLS
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.