CVE-2024-0901

HIGH

WolfSSL 3.12.2 through 5.6.6 - Memory Corruption

Title source: llm

Description

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.

References (2)

[Exploit, Issue Tracking] https://github.com/wolfSSL/wolfssl/issues/7089

[Issue Tracking, Patch] https://github.com/wolfSSL/wolfssl/pull/7099

Scores

CVSS v3 7.5

EPSS 0.0031

EPSS Percentile 53.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H

Details

CWE

CWE-129

Status published

Products (1)

wolfssl/wolfssl 3.12.2 - 5.6.6

Published Mar 25, 2024

Tracked Since Feb 18, 2026