CVE-2020-36177
Summary
| CVE | CVE-2020-36177 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-06 16:15:00 UTC |
| Updated | 2021-01-12 14:39:00 UTC |
| Description | RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 26567 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail | MISC | bugs.chromium.org | Exploit, Mailing List, Third Party Advisory |
| RSA-PSS: Handle edge case with encoding message to hash · wolfSSL/wolfssl@fb2288c · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Release wolfSSL release version 4.6.0 · wolfSSL/wolfssl · GitHub | MISC | github.com | Third Party Advisory |
| RSA-PSS: Handle edge case with encoding message to hash by SparkiDev · Pull Request #3426 · wolfSSL/wolfssl · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Merge pull request #3426 from SparkiDev/rsa_pss_fix · wolfSSL/wolfssl@63bf5dc · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180794 Debian Security Update for wolfssl (CVE-2020-36177)