CVE-2017-2800

Exploit

EPSS 14.19%
Published 24.05.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Wolfssl ≫ Wolfssl Version <= 3.10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	14.19%	0.941

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0293

Third Party Advisory

Exploit

https://www.exploit-db.com/exploits/41984/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-2800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2800

EUVD