← Retour aux CVEs
CVE-2017-2800
CRITICAL9.8
Description
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie5/24/2017
Derniere modification4/20/2025
Sourcenvd
Observations honeypot0
Produits affectes
wolfssl:wolfssl
Faiblesses (CWE)
CWE-295
References
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0293(talos-cna@cisco.com)
https://www.exploit-db.com/exploits/41984/(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0293(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/41984/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.