[Buildroot] [PATCH] package/wolfssl: add upstream security fix for CVE-2019-18840
Peter Korsgaard
peter at korsgaard.com
Fri Nov 29 09:13:05 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerability:
> - CVE-2019-18840: In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity
> checks of memory accesses in parsing ASN.1 certificate data while
> handshaking. Specifically, there is a one-byte heap-based buffer overflow
> inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because
> the domain name location index is mishandled. Because a pointer is
> overwritten, there is an invalid free.
> For details, see the writeup:
> https://medium.com/@social_62682/heap-overflow-in-wolfssl-cve-2019-18840-185d233c27de
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard