CVE-2024-0901 - Vulnerability Details - OpenCVE

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00305.

Key SSVC decision points have not yet been added.

Vendors	Products
Wolfssl Subscribe	Wolfssl Subscribe

Configuration 1 [-]

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Wolfssl Subscribe	Wolfssl Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-16683	Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.

Fixes

Solution

Update wolfSSL to 5.7.0 or apply the fix located in: https://github.com/wolfSSL/wolfssl/pull/7099 .

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/wolfSSL/wolfssl/issues/7089
https://github.com/wolfSSL/wolfssl/pull/7099

History

Mon, 15 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:wolfssl:wolfssl::::::::

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published: 2024-03-25T22:37:56.581Z

Updated: 2024-08-01T18:39:44.207Z

Reserved: 2024-01-25T19:15:43.102Z

Link: CVE-2024-0901

Vulnrichment

Updated: 2024-08-01T18:18:19.076Z

NVD

Status : Analyzed

Published: 2024-03-25T23:15:51.250

Modified: 2025-12-15T21:42:52.097

Link: CVE-2024-0901

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:01:17Z

Weaknesses

CWE-129

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0901", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2024-01-25T19:15:43.102Z", "datePublished": "2024-03-25T22:37:56.581Z", "dateUpdated": "2024-08-01T18:39:44.207Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "versions": [{"lessThanOrEqual": "5.6.6", "status": "affected", "version": "3.12.2", "versionType": "release bundle"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. <span style=\"background-color: rgb(255, 255, 255);\">If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.</span></span><br>"}], "value": "Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client.\u00a0If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.\n"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jiamin Yu"}], "datePublic": "2024-03-20T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.<br>"}], "value": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\n"}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-03-25T22:37:56.581Z"}, "references": [{"url": "https://github.com/wolfSSL/wolfssl/issues/7089"}, {"url": "https://github.com/wolfSSL/wolfssl/pull/7099"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update wolfSSL to 5.7.0 or apply the fix located in: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssl/pull/7099\">https://github.com/wolfSSL/wolfssl/pull/7099</a>.<br>"}], "value": "Update wolfSSL to 5.7.0 or apply the fix located in:\u00a0 https://github.com/wolfSSL/wolfssl/pull/7099 .\n"}], "source": {"discovery": "EXTERNAL"}, "title": "SEGV and out of bounds memory read from malicious packet", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:19.076Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/wolfSSL/wolfssl/issues/7089", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/pull/7099", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "wolfssl", "product": "wolfssl", "cpes": ["cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.12.2", "status": "affected", "lessThanOrEqual": "5.6.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T18:38:31.765222Z", "id": "CVE-2024-0901", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:39:44.207Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/wolfSSL/wolfssl/issues/7089", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/pull/7099", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:19.076Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0901", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T18:38:31.765222Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*"], "vendor": "wolfssl", "product": "wolfssl", "versions": [{"status": "affected", "version": "3.12.2", "versionType": "custom", "lessThanOrEqual": "5.6.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:39:37.698Z"}}], "cna": {"title": "SEGV and out of bounds memory read from malicious packet", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jiamin Yu"}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "product": "wolfSSL", "versions": [{"status": "affected", "version": "3.12.2", "versionType": "release bundle", "lessThanOrEqual": "5.6.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update wolfSSL to 5.7.0 or apply the fix located in:\u00a0 https://github.com/wolfSSL/wolfssl/pull/7099 .\n", "supportingMedia": [{"type": "text/html", "value": "Update wolfSSL to 5.7.0 or apply the fix located in: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssl/pull/7099\">https://github.com/wolfSSL/wolfssl/pull/7099</a>.<br>", "base64": false}]}], "datePublic": "2024-03-20T23:00:00.000Z", "references": [{"url": "https://github.com/wolfSSL/wolfssl/issues/7089"}, {"url": "https://github.com/wolfSSL/wolfssl/pull/7099"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\n", "supportingMedia": [{"type": "text/html", "value": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "configurations": [{"lang": "en", "value": "Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client.\u00a0If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. <span style=\"background-color: rgb(255, 255, 255);\">If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used.</span></span><br>", "base64": false}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-03-25T22:37:56.581Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0901", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:39:44.207Z", "dateReserved": "2024-01-25T19:15:43.102Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2024-03-25T22:37:56.581Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB3742EA-F966-42BE-A46A-54D8B5DE0539", "versionEndIncluding": "5.6.6", "versionStartIncluding": "3.12.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\n"}, {"lang": "es", "value": "SEGV ejecutado de forma remota y lectura fuera de los l\u00edmites permite que el remitente de paquetes maliciosos falle o provoque una lectura fuera de los l\u00edmites mediante el env\u00edo de un paquete con formato incorrecto y con la longitud correcta."}], "id": "CVE-2024-0901", "lastModified": "2025-12-15T21:42:52.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "facts@wolfssl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-25T23:15:51.250", "references": [{"source": "facts@wolfssl.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssl/issues/7089"}, {"source": "facts@wolfssl.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/7099"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssl/issues/7089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/7099"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}