9.8

CVE-2014-2896

The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WolfsslWolfssl Version >= 2.5.0 < 2.9.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.77% 0.844
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://seclists.org/oss-sec/2014/q2/126
Third Party Advisory
Mailing List
http://seclists.org/oss-sec/2014/q2/130
Third Party Advisory
Mailing List
http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
Vendor Advisory
http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
Vendor Advisory