OSV-2023-16

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfssl/OSV-2023-16.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-16

Published

2023-01-19T13:01:55.600112Z

Modified

2023-01-19T13:01:55.600343Z

Summary

Heap-buffer-overflow in wc_AesFeedbackEncrypt

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55174

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
wc_AesFeedbackEncrypt
wc_AesOfbEncrypt
evpCipherBlock

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55174

Affected packages

OSS-Fuzz / wolfssl

Package

Name: wolfssl
Purl: pkg:generic/wolfssl

Affected ranges

Type: GIT
Repo: https://github.com/wolfssl/wolfssl
Events: Introduced

af379f0a0f4c343208a434d3036ff47c07f61f17

Fixed

e1d9b37f8482a9ef198cca9fba4099bb0b15cec2

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "introduced_range": "08a988f55735e7d18f0eb01e84294089706016b6:b15bc3d2368dc2f990cda0c235711498cc758996",
    "fixed_range": "7120ae1961662feb3f0d8d17091aa99e3689e4ed:e1d9b37f8482a9ef198cca9fba4099bb0b15cec2"
}