Source: wolfssl Version: 4.5.0+dfsg-4 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/wolfSSL/wolfssl/pull/3426 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for wolfssl. CVE-2020-36177[0]: | RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out- | of-bounds write for certain relationships between key size and digest | size. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-36177 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36177 [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567 [2] https://github.com/wolfSSL/wolfssl/pull/3426 Regards, Salvatore