CVE-2020-36177
- Source
- https://cve.org/CVERecord?id=CVE-2020-36177
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36177.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-36177
- Downstream
- Published
- 2021-01-06T16:15:12.440Z
- Modified
- 2026-04-11T16:25:21.642147Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
- References
-
- https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable
- https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
- https://github.com/wolfSSL/wolfssl/pull/3426
- https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
Affected packages
Git / github.com/wolfssl/wolfssl
Affected versions
Other
WCv4-rng-stable
l
list
v0.*
v0.5
v1.*
v1.8.8.0
v1.9.0
v2.*
v2.0.2
v2.0.3
v2.0.6
v2.0.8
v2.0rc1
v2.0rc2
v2.0rc2b
v2.0rc3
v2.4.2
v2.4.6
v2.4.7
v2.6.0
v2.6.2
v2.7.0
v2.7.2
v2.8.0
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.5a
v2.8.6
v2.9.0
v2.9.1
v2.9.2
v2.9.4
v3.*
v3.10.0-stable
v3.10.0a
v3.10.2-stable
v3.10.3
v3.11.0-stable
v3.11.1-tls13-beta
v3.12.0-stable
v3.12.2-stable
v3.13.0-stable
v3.13.2
v3.13.3
v3.14.0-stable
v3.14.0a
v3.14.0b
v3.14.2
v3.14.4
v3.15.0-stable
v3.15.3-stable
v3.15.5-stable
v3.15.5a
v3.15.6
v3.15.7-stable
v3.2.0
v3.2.4
v3.2.6
v3.3.0
v3.3.3
v3.4.0
v3.4.2
v3.4.6
v3.6.8
v3.6.9
v3.7.0
v3.7.1
v3.7.3
v3.8.0
v3.9.0
v3.9.1
v3.9.10-stable
v3.9.10b
v3.9.6
v3.9.6w
v3.9.8
v4.*
v4.0.0-stable
v4.1.0-stable
v4.2.0-stable
v4.2.0c
v4.3.0-stable
v4.4.0-stable
v4.5.0-stable
Database specific
vanir_signatures_modified
"2026-04-11T16:25:21Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36177.json"
vanir_signatures
[
{
"signature_type": "Function",
"target": {
"function": "RsaPad_PSS",
"file": "wolfcrypt/src/rsa.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-36177-03c1f61b",
"source": "https://github.com/wolfssl/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f",
"digest": {
"function_hash": "264827503117103137381520981783684502268",
"length": 3081.0
}
},
{
"signature_type": "Line",
"target": {
"file": "wolfcrypt/src/rsa.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-36177-adf7e918",
"source": "https://github.com/wolfssl/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f",
"digest": {
"line_hashes": [
"244815057942282647704864094280604518122",
"123195831299163795745100102789505259996",
"309197391360104330999440084668058661684",
"223146927799649566694162939976658908098",
"157950005634068540855893224554786606773",
"2282713271697244534451274437673194079",
"187845394820170994270299454468444059367",
"52726399942148932508781299152087779106",
"34943820391457858706721849243820306433",
"259562928944948835646167924459328588964",
"287813323524317699182752393365196798478",
"322024080002241617975419750365199625970",
"41941024797507571717993383206268874663",
"146733773366898157865344531513444698049",
"241161486851679814673571446896303206491",
"331787621892583087312045700383027127388",
"318152332990762196055583516693558984668",
"122476733053937695029843239693435363133",
"130769971250333428400709323991852545009",
"65729659553828944432268725332215656968",
"290483538726766040594276124988884833412",
"238338465984659128903116804957332847952",
"6517069392918277216799451500978290475",
"28217279333432533698061129410179353200",
"155768245028890335374704626374571268873",
"123065967750714728483204853449574795461",
"4165696885982239691162648787916102708",
"106384731890444553251747088636781840227",
"118449229286489254222740503918275919187",
"12804832652334037016008962743515846191",
"311334367273864107559091901172400196359",
"111505162837627812298630060997139385864",
"275283786168184748658947656770546945395",
"141825205460509034935881322110166488814"
],
"threshold": 0.9
}
}
]