Vulnerability Details : CVE-2014-2896
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
Vulnerability category: Memory Corruption
Products affected by CVE-2014-2896
- cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2896
- 0.49%: Probability of exploitation activity in the next 30 days
- ~73%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2896
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2014-2896
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2896
- http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
  wolfSSL Security Advisory: April 9, 2014 - wolfSSL (Vendor Advisory)
- http://seclists.org/oss-sec/2014/q2/130
  oss-sec: Re: CVE ids for CyaSSL 2.9.4? (Mailing List; Third Party Advisory)
- http://seclists.org/oss-sec/2014/q2/126
  oss-sec: CVE ids for CyaSSL 2.9.4? (Mailing List; Third Party Advisory)
- http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
  wolfSSL Changelog | wolfSSL Embedded SSL/TLS Library Documentation (Vendor Advisory)