OSV-2021-257

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/cryptofuzz/OSV-2021-257.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-257
Published
2021-01-30T00:01:07.919205Z
Modified
2022-04-13T03:04:35.105209Z
Summary
Stack-buffer-overflow in kdf_sshkdf_set_ctx_params
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30037

Crash type: Stack-buffer-overflow READ 1
Crash state:
kdf_sshkdf_set_ctx_params
EVP_KDF_CTX_set_params
cryptofuzz::module::OpenSSL::OpKDF_SSH
References

Affected packages

OSS-Fuzz / cryptofuzz

Package

Name
cryptofuzz
Purl
pkg:generic/cryptofuzz

Affected ranges

Type
GIT
Repo
https://github.com/guidovranken/cryptofuzz
Events
Introduced
354a934228d9892291a08c72115d9758e3079ee8
Fixed
515dd7aaf8ac0cbe6c0a5adc7aede32092cebf0a
Fixed
5fdf7b2e3fe603a879d3f3a06083aeccb59f7b46

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "36d6be20b94a36a4d4d94e30994a567ea72d9836:5fdf7b2e3fe603a879d3f3a06083aeccb59f7b46"
}