VYPR
Unrated severityNVD Advisory· Published Aug 27, 2024· Updated Aug 27, 2024

Buffer overread in domain name matching

CVE-2024-5991

Description

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

Affected products

2
  • WolfSSL/Wolfsslllm-fuzzy2 versions
    <=5.7.0+ 1 more
    • (no CPE)range: <=5.7.0
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.