wolfSSL Library x509 Certificate Parsing Vulnerability
Cisco Talos reports that wolfSSL library versions up to and including 3.10.2 contain a buffer overflow vulnerability within the x509 certificate parsing function. A malicious actor using a specially crafted x509 certificate could cause an off-by-one NULL byte to be written into the adjacent memory variable on the stack or heap, depending on the buffer allocation scheme. This could result in certificate validation issues, denial-of-service conditions, and remote code execution. The NJCCIC recommends users and administrators of products that include wolfSSL review the Cisco Talos report and apply the necessary updates as soon as they become available. A full list of wolfSSL vulnerabilities can be found here.
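The bug class the report describes, an off-by-one NUL terminator written one byte past a fixed-size buffer, is easy to miss in review because the length check looks right at a glance. The following C program is an added illustration of that class and of its hardened form; it is not wolfSSL's code and makes no claim about the library's actual parsing logic. The buffer size `NAME_CAP`, the function names and the 16-byte "certificate field" input are all constructed for the example. A region one byte larger than the buffer stands in for the buffer plus the adjacent variable mentioned in the advisory, so the clobber can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed-size field buffer (hypothetical, constructed). */
#define NAME_CAP 16

/* Status codes returned by the copy routines. */
enum { COPY_OK = 0, COPY_TOO_LONG = -1 };

/*
 * Off-by-one pattern: the check admits len == cap, so memcpy fills the
 * whole buffer and the terminating NUL lands at dst[cap], one byte past
 * the end. This mirrors the advisory's description of the bug class; it
 * is NOT wolfSSL's code.
 */
int copy_field_vulnerable(unsigned char *dst, size_t cap,
                          const unsigned char *src, size_t len)
{
    if (len > cap)            /* off by one: should reject len == cap */
        return COPY_TOO_LONG;
    memcpy(dst, src, len);
    dst[len] = '\0';          /* when len == cap this writes dst[cap] */
    return COPY_OK;
}

/* Hardened form: always leave room for the terminator. */
int copy_field_fixed(unsigned char *dst, size_t cap,
                     const unsigned char *src, size_t len)
{
    if (len >= cap)           /* len must be strictly less than cap */
        return COPY_TOO_LONG;
    memcpy(dst, src, len);
    dst[len] = '\0';          /* now always inside the buffer */
    return COPY_OK;
}

/*
 * Harness: a NAME_CAP + 1 byte region stands in for the field buffer
 * followed by an adjacent variable (the sentinel byte at index NAME_CAP).
 * The copy routine is handed only NAME_CAP bytes of it. Returns the
 * sentinel's value afterwards so the caller can see whether the adjacent
 * byte was zeroed. The input is a constructed field of exactly NAME_CAP
 * bytes, the length that triggers the off-by-one.
 */
unsigned char sentinel_after_copy(int (*copy)(unsigned char *, size_t,
                                              const unsigned char *, size_t),
                                  int *status)
{
    unsigned char region[NAME_CAP + 1];
    unsigned char field[NAME_CAP];
    memset(field, 'A', sizeof field);   /* constructed 16-byte field value */
    memset(region, 0, sizeof region);
    region[NAME_CAP] = 0xAA;            /* sentinel: the "adjacent variable" */
    *status = copy(region, NAME_CAP, field, NAME_CAP);
    return region[NAME_CAP];
}

int main(void)
{
    int st;
    unsigned char s;

    s = sentinel_after_copy(copy_field_vulnerable, &st);
    printf("vulnerable: status=%d sentinel=0x%02X (0x00 means clobbered)\n", st, s);

    s = sentinel_after_copy(copy_field_fixed, &st);
    printf("fixed:      status=%d sentinel=0x%02X\n", st, s);
    return 0;
}
```

The vulnerable routine reports success while silently zeroing the adjacent byte; the fixed routine rejects the input instead. In a real parser the zeroed byte could be a length, a flag or a pointer's low byte, which is why the advisory lists validation failures, denial of service and code execution as possible outcomes. Reviewing every `len > cap` check beside the terminator write that follows it is the practical defensive check this pattern suggests.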