exploitDog

GHSA-cwpg-8775-j56v

Published: 21 Feb 2024
Source: github
GitHub: Unreviewed
CVSS3: 5.3

Description

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

EPSS

Percentile: 49%
0.00255
Low

5.3 Medium

CVSS3

Weaknesses

CWE-125
CWE-126

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 2 years ago

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

CVSS3: 5.3
nvd
almost 2 years ago

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

CVSS3: 9.1
msrc
about 1 year ago

No description available

CVSS3: 5.3
debian
almost 2 years ago

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the ...
