wolfSSL.DoPreSharedKeys.PSK.Identity.Buffer.Overflow
Description
This indicates an attack attempt to exploit an Input Validation Error Vulnerability in wolfSSL.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted Client Hello with an abnormally large Identity in the PSK extension. Successful exploitation will result in the attacker being able to execute arbitrary code with the privileges of the application, whereas an unsuccessful attack will lead to a denial-of-service condition.
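The length validation this class of bug calls for, as an added example (not wolfSSL's code and not part of the original entry): a bounds-checked walk of the identities list in a ClientHello pre_shared_key extension that rejects any identity larger than the receiver's buffer. `PSK_ID_LIMIT` (with its 128-byte value), `psk_identities_ok` and `build_sample` are hypothetical names chosen for illustration, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PSK_ID_LIMIT 128  /* assumed size of the receiver's identity buffer */
/* Read a big-endian 16-bit length; caller has checked 2 bytes are available. */
static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/*
 * Walk the identities list of a pre_shared_key extension (RFC 8446, 4.2.11).
 * Returns the identity count, or -1 if the list is malformed or any identity
 * is empty or longer than PSK_ID_LIMIT. Nothing is copied before the checks.
 */
int psk_identities_ok(const uint8_t *ext, size_t ext_len)
{
    size_t off = 2, list_end;
    int count = 0;
    if (ext_len < 2) return -1;
    list_end = 2 + rd16(ext);                 /* uint16 list length prefix */
    if (list_end > ext_len) return -1;        /* list overruns the extension */
    while (off < list_end) {
        size_t id_len;
        if (list_end - off < 2) return -1;
        id_len = rd16(ext + off);
        off += 2;
        if (id_len == 0 || id_len > PSK_ID_LIMIT) return -1; /* oversized identity */
        if (list_end - off < id_len + 4) return -1;  /* identity + uint32 ticket age */
        off += id_len + 4;
        count++;
    }
    return count > 0 ? count : -1;
}

/* Constructed sample: one identity of id_len 'A' bytes, ticket age 0, no binders. */
size_t build_sample(uint8_t *out, size_t id_len)
{
    size_t list_len = 2 + id_len + 4, i, n = 0;
    out[n++] = (uint8_t)(list_len >> 8); out[n++] = (uint8_t)list_len;
    out[n++] = (uint8_t)(id_len >> 8);   out[n++] = (uint8_t)id_len;
    for (i = 0; i < id_len; i++) out[n++] = 'A';
    for (i = 0; i < 4; i++) out[n++] = 0;
    return n;
}

int main(void)
{
    uint8_t buf[1024];
    printf("16-byte identity:   %d\n", psk_identities_ok(buf, build_sample(buf, 16)));
    printf("1000-byte identity: %d\n", psk_identities_ok(buf, build_sample(buf, 1000)));
    return 0;
}
```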
Affected Products
wolfSSL prior to commit 5aa5f350ba0f05a6e19e0b680a32975aa8871686
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/wolfSSL/wolfssl/pull/2239/commits