CVEs-PoC/2024/CVE-2024-5991.md

CVE-2024-5991

Description

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

POC

Reference

No PoCs from references.

Github

• https://github.com/wolfSSL/Arduino-wolfSSL
• https://github.com/wolfSSL/wolfssl