Vulnerability Details : CVE-2020-36177
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2020-36177
Probability of exploitation activity in the next 30 days: 0.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-36177
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-36177
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36177
-
https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7
Merge pull request #3426 from SparkiDev/rsa_pss_fix · wolfSSL/wolfssl@63bf5dc · GitHubPatch;Third Party Advisory
-
https://github.com/wolfSSL/wolfssl/pull/3426
RSA-PSS: Handle edge case with encoding message to hash by SparkiDev · Pull Request #3426 · wolfSSL/wolfssl · GitHubPatch;Third Party Advisory
-
https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
RSA-PSS: Handle edge case with encoding message to hash · wolfSSL/wolfssl@fb2288c · GitHubPatch;Third Party Advisory
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
26567 - wolfssl:fuzzer-wolfssl-rsa: Heap-buffer-overflow in RsaPad_PSS - oss-fuzzExploit;Mailing List;Third Party Advisory
-
https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable
Release wolfSSL release version 4.6.0 · wolfSSL/wolfssl · GitHubThird Party Advisory
Products affected by CVE-2020-36177
- cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*