OSV-2023-358

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfssl/OSV-2023-358.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-358
Published
2023-05-01T14:01:17.580134Z
Modified
2023-05-14T14:16:55.769240Z
Summary
Heap-double-free in wolfCrypt_custom_free
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58484

Crash type: Heap-double-free
Crash state:
wolfCrypt_custom_free
wolfSSL_Free
FreeOcspRequest
References

Affected packages

OSS-Fuzz / wolfssl

Package

Name
wolfssl
Purl
pkg:generic/wolfssl

Affected ranges

Type
GIT
Repo
https://github.com/wolfssl/wolfssl
Events
Introduced
b2a6203ec01fcc5d55ab37b3d0e85ab160e962d4
Fixed
c17cff72654ec46b1be6d3c03869bd4bd91f240a

Affected versions

v5.*

v5.6.0-stable

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "a68b0d8ecf8bcbce004ac4ddc32d3b44b4a97670:c17cff72654ec46b1be6d3c03869bd4bd91f240a"
}