OSV-2023-13

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfssl/OSV-2023-13.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-13
Published
2023-01-19T13:00:10.880902Z
Modified
2023-01-19T13:00:10.881276Z
Summary
Heap-buffer-overflow in wc_AesCbcEncrypt
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55161

Crash type: Heap-buffer-overflow WRITE 16
Crash state:
wc_AesCbcEncrypt
evpCipherBlock
wolfSSL_EVP_CipherUpdate
References

Affected packages

OSS-Fuzz / wolfssl

Package

Name
wolfssl
Purl
pkg:generic/wolfssl

Affected ranges

Type
GIT
Repo
https://github.com/wolfssl/wolfssl
Events
Introduced
af379f0a0f4c343208a434d3036ff47c07f61f17
Fixed
e1d9b37f8482a9ef198cca9fba4099bb0b15cec2

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "introduced_range": "08a988f55735e7d18f0eb01e84294089706016b6:b15bc3d2368dc2f990cda0c235711498cc758996",
    "fixed_range": "7120ae1961662feb3f0d8d17091aa99e3689e4ed:e1d9b37f8482a9ef198cca9fba4099bb0b15cec2"
}