Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2019-11873

Published: 23/05/2019 Updated: 22/04/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Wolfssl

Vulnerability Summary

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wolfssl wolfssl 4.0

Vendor Advisories

Debian CVElist Bug Report Logs: wolfssl: CVE-2019-11873
Debian Bug report logs - #929468 wolfssl: CVE-2019-11873 Package: src:wolfssl; Maintainer for src:wolfssl is Felix Lechner <felixlechner@lease-upcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 24 May 2019 07:30:02 UTC Severity: grave Tags: security, upstream Found in version wolfssl/3153+d ...

References

CWE-787https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdfhttps://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842http://www.securityfocus.com/bid/108466https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929468https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook