deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/wolfssl
History
Peter Korsgaard 92327cd9e2 package/wolfssl: add upstream security fix for CVE-2019–18840 
Fixes the following security vulnerability:

- CVE-2019-18840: In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity
  checks of memory accesses in parsing ASN.1 certificate data while
  handshaking.  Specifically, there is a one-byte heap-based buffer overflow
  inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because
  the domain name location index is mishandled.  Because a pointer is
  overwritten, there is an invalid free.

For details, see the writeup:
https://medium.com/@social_62682/heap-overflow-in-wolfssl-cve-2019-18840-185d233c27de

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-29 10:12:58 +01:00
..
0001-Check-domain-name-location-index-hasn-t-exceed-maxim.patch package/wolfssl: add upstream security fix for CVE-2019–18840 2019-11-29 10:12:58 +01:00
Config.in
wolfssl.hash package/wolfssl: cleanup version/download logic 2019-10-31 23:47:02 +01:00
wolfssl.mk package/wolfssl: cleanup version/download logic 2019-10-31 23:47:02 +01:00