CVE-2019-11873

{"id": "CVE-2019-11873", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-05-23T13:29:07.567", "references": [{"url": "http://www.securityfocus.com/bid/108466", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/108466", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack."}, {"lang": "es", "value": "wolfSSL 4.0.0 tiene un Desbordamiento de B\u00fafer en DoPreSharedKeys en tls13.c, cuando un tama\u00f1o de identidad actual es mayor que un tama\u00f1o de identidad de cliente. Un atacante env\u00eda un paquete hello client creado a trav\u00e9s de la red hacia un servidor wolfSSL TLSv1.3. Los campos de longitud del paquete: longitud de registro, longitud de hello client, longitud total de extensiones, longitud de extensi\u00f3n PSK, longitud total de identidad y longitud de identidad contienen su valor m\u00e1ximo, que es 2^16. El campo de datos de identidad de la extensi\u00f3n PSK del paquete contiene los datos de ataque, que se almacenar\u00e1n en la memoria indefinida (RAM) del servidor. El tama\u00f1o de los datos es de unos 65 kB. Posiblemente el atacante pueda ejecutar un ataque de ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2024-11-21T04:21:56.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FEE318-BAD5-4CE8-AE48-A4E7D28281B8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}