CVE-2023-6936

Name
CVE-2023-6936
Description
In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
patch https://github.com/wolfSSL/wolfssl/pull/6949/
vendor-advisory https://www.wolfssl.com/docs/security-vulnerabilities/

Match rules

CPE URI Source package Min version Max version
wolfssl >= 0 <= 5.6.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status