CVE-2024-5991

CVSS V2 None CVSS V3 None
Description
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.
Overview
  • CVE ID
  • CVE-2024-5991
  • Assigner
  • wolfSSL
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-08-27T18:33:27.550Z
  • Last Modified Date
  • 2024-08-27T20:06:24.558Z
References
History
Created Old Value New Value Data Type Notes
2024-08-28 13:08:30 Added to TrackCVE