CVE-2020-36177

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36177

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36177.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36177

Downstream

DEBIAN-CVE-2020-36177

UBUNTU-CVE-2020-36177

Published

2021-01-06T16:15:12.440Z

Modified

2025-11-20T11:27:30.259908Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.

References

Affected packages

Git / github.com/wolfssl/wolfssl

Affected ranges

Type: GIT
Repo: https://github.com/wolfssl/wolfssl
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

63bf5dc56ccbfc12a73b06327361687091a4c6f7

Fixed

9c87f979a7f1d3a6d786b260653d566c1d31a1c4

Fixed

fb2288c46dd4c864b78f00a47a364b96a09a5c0f

Affected versions

Other

WCv4-rng-stable

WCv4-stable

list

wolfRand-RC2

WCv4.*

WCv4.0-RC5

WCv4.0-RC6

WCv4.0-RC8

WCv4.0-RC9

v0.*

v0.5

v1.*

v1.8.8.0

v1.9.0

v2.*

v2.0.2

v2.0.3

v2.0.6

v2.0.8

v2.0rc1

v2.0rc2

v2.0rc2b

v2.0rc3

v2.1.1

v2.1.2

v2.1.4

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.4.0

v2.4.2

v2.4.6

v2.4.7

v2.5.0

v2.5.2

v2.5.2b

v2.6.0

v2.6.2

v2.7.0

v2.7.2

v2.8.0

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.5a

v2.8.6

v2.9.0

v2.9.1

v2.9.2

v2.9.4

v3.*

v3.0.0

v3.0.2

v3.1.0

v3.10.0-stable

v3.10.0a

v3.10.2-stable

v3.10.3

v3.10.4

v3.11.0-stable

v3.11.1-tls13-beta

v3.12.0-stable

v3.12.2-stable

v3.13.0-stable

v3.13.2

v3.13.3

v3.14.0-stable

v3.14.0a

v3.14.0b

v3.14.2

v3.14.4

v3.14.5

v3.15.0-stable

v3.15.3-stable

v3.15.5-stable

v3.15.5a

v3.15.6

v3.15.7-stable

v3.15.8

v3.2.0

v3.2.4

v3.2.6

v3.3.0

v3.3.3

v3.4.0

v3.4.2

v3.4.6

v3.4.8

v3.6.0

v3.6.0b

v3.6.2

v3.6.6

v3.6.8

v3.6.9

v3.6.9b

v3.6.9c

v3.6.9d

v3.69.d

v3.7.0

v3.7.1

v3.7.3

v3.8.0

v3.9.0

v3.9.1

v3.9.10-stable

v3.9.10b

v3.9.6

v3.9.6w

v3.9.8

v4.*

v4.0.0-stable

v4.1.0-stable

v4.2.0-stable

v4.2.0c

v4.3.0-stable

v4.4.0-stable

v4.5.0-stable

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "wolfcrypt/src/rsa.c",
            "function": "RsaPad_PSS"
        },
        "source": "https://github.com/wolfssl/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f",
        "digest": {
            "length": 3081.0,
            "function_hash": "264827503117103137381520981783684502268"
        },
        "id": "CVE-2020-36177-03c1f61b"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "wolfcrypt/src/rsa.c"
        },
        "source": "https://github.com/wolfssl/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f",
        "digest": {
            "line_hashes": [
                "244815057942282647704864094280604518122",
                "123195831299163795745100102789505259996",
                "309197391360104330999440084668058661684",
                "223146927799649566694162939976658908098",
                "157950005634068540855893224554786606773",
                "2282713271697244534451274437673194079",
                "187845394820170994270299454468444059367",
                "52726399942148932508781299152087779106",
                "34943820391457858706721849243820306433",
                "259562928944948835646167924459328588964",
                "287813323524317699182752393365196798478",
                "322024080002241617975419750365199625970",
                "41941024797507571717993383206268874663",
                "146733773366898157865344531513444698049",
                "241161486851679814673571446896303206491",
                "331787621892583087312045700383027127388",
                "318152332990762196055583516693558984668",
                "122476733053937695029843239693435363133",
                "130769971250333428400709323991852545009",
                "65729659553828944432268725332215656968",
                "290483538726766040594276124988884833412",
                "238338465984659128903116804957332847952",
                "6517069392918277216799451500978290475",
                "28217279333432533698061129410179353200",
                "155768245028890335374704626374571268873",
                "123065967750714728483204853449574795461",
                "4165696885982239691162648787916102708",
                "106384731890444553251747088636781840227",
                "118449229286489254222740503918275919187",
                "12804832652334037016008962743515846191",
                "311334367273864107559091901172400196359",
                "111505162837627812298630060997139385864",
                "275283786168184748658947656770546945395",
                "141825205460509034935881322110166488814"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-36177-adf7e918"
    }
]