CVE-2024-0901

Published: Mar 25, 2024Modified: Dec 15, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.

Affected (1)

Products: Wolfssl: Wolfssl

Wolfssl

1 product

Wolfssl

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wolfssl Wolfssl	From 3.12.2 to 5.6.6

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

https://github.com/wolfSSL/wolfssl/issues/7089

Source: facts@wolfssl.com

ExploitIssue Tracking

https://github.com/wolfSSL/wolfssl/pull/7099

Source: facts@wolfssl.com

Issue TrackingPatch

https://github.com/wolfSSL/wolfssl/issues/7089

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://github.com/wolfSSL/wolfssl/pull/7099

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.