CVE-2023-6936 - Vulnerability Details - OpenCVE

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wolfssl	Wolfssl

Configuration 1 [-]

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/wolfSSL/wolfssl/pull/6949/
https://www.wolfssl.com/docs/security-vulnerabilities/

History

Wed, 12 Feb 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wolfssl Wolfssl wolfssl
Weaknesses		CWE-125
CPEs		cpe:2.3:a:wolfssl:wolfssl::::::::
Vendors & Products		Wolfssl Wolfssl wolfssl

MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published: 2024-02-20T21:52:02.441Z

Updated: 2024-08-27T14:23:58.075Z

Reserved: 2023-12-18T22:01:24.437Z

Link: CVE-2023-6936

Vulnrichment

Updated: 2024-08-02T08:42:08.671Z

NVD

Status : Analyzed

Published: 2024-02-20T22:15:08.197

Modified: 2025-02-12T17:01:14.790

Link: CVE-2023-6936

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6936", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2023-12-18T22:01:24.437Z", "datePublished": "2024-02-20T21:52:02.441Z", "dateUpdated": "2024-08-27T14:23:58.075Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["TLS"], "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "versions": [{"lessThanOrEqual": "5.6.5", "status": "affected", "version": "0", "versionType": "release bundle"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be vulnerable, wolfSSL callback functionality (which includes handshake and timeout callback functionality) must must be enabled with:<br><b><span style=\"background-color: transparent;\">CFLAGS=\"-DWOLFSSL_CALLBACKS\"</span></b><br><br>This option is disabled by default. The default configuration of wolfSSL is not vulnerable."}], "value": "To be vulnerable, wolfSSL callback functionality (which includes handshake and timeout callback functionality) must must be enabled with:\nCFLAGS=\"-DWOLFSSL_CALLBACKS\"\n\nThis option is disabled by default. The default configuration of wolfSSL is not vulnerable."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lucca Hirschi (Inria, LORIA)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steve Kremer (Inria, LORIA)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Max Ammann (Trail of Bits)"}, {"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "tlspuffin"}], "datePublic": "2023-12-20T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).<br>"}], "value": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-20T21:52:02.441Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/6949/"}, {"tags": ["vendor-advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: transparent;\">The fix for this issue is located in the following GitHub Pull Request: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssl/pull/6949/\">https://github.com/wolfSSL/wolfssl/pull/6949/</a></p>"}], "value": "The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949/ https://github.com/wolfSSL/wolfssl/pull/6949/ \n\n"}], "source": {"discovery": "EXTERNAL"}, "title": " Heap-buffer over-read with WOLFSSL_CALLBACKS", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<li>Do not build wolfSSL with <b>WOLFSSL_CALLBACKS</b> defined</li>"}], "value": " * Do not build wolfSSL with WOLFSSL_CALLBACKS defined\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "wolfssl", "product": "wolfssl", "cpes": ["cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.6.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T14:22:41.353325Z", "id": "CVE-2023-6936", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T14:23:58.075Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/wolfSSL/wolfssl/pull/6949/"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/6949/", "tags": ["patch", "x_transferred"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.671Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6936", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-27T14:22:41.353325Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*"], "vendor": "wolfssl", "product": "wolfssl", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.6.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.482Z"}}], "cna": {"title": " Heap-buffer over-read with WOLFSSL_CALLBACKS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lucca Hirschi (Inria, LORIA)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steve Kremer (Inria, LORIA)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Max Ammann (Trail of Bits)"}, {"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "tlspuffin"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "modules": ["TLS"], "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "versionType": "release bundle", "lessThanOrEqual": "5.6.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949/ https://github.com/wolfSSL/wolfssl/pull/6949/ \n\n", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: transparent;\">The fix for this issue is located in the following GitHub Pull Request: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssl/pull/6949/\">https://github.com/wolfSSL/wolfssl/pull/6949/</a></p>", "base64": false}]}], "datePublic": "2023-12-20T00:00:00.000Z", "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/6949/", "tags": ["patch"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": " * Do not build wolfSSL with WOLFSSL_CALLBACKS defined\n", "supportingMedia": [{"type": "text/html", "value": "<li>Do not build wolfSSL with <b>WOLFSSL_CALLBACKS</b> defined</li>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).\n", "supportingMedia": [{"type": "text/html", "value": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).<br>", "base64": false}]}], "configurations": [{"lang": "en", "value": "To be vulnerable, wolfSSL callback functionality (which includes handshake and timeout callback functionality) must must be enabled with:\nCFLAGS=\"-DWOLFSSL_CALLBACKS\"\n\nThis option is disabled by default. The default configuration of wolfSSL is not vulnerable.", "supportingMedia": [{"type": "text/html", "value": "To be vulnerable, wolfSSL callback functionality (which includes handshake and timeout callback functionality) must must be enabled with:<br><b><span style=\"background-color: transparent;\">CFLAGS=\"-DWOLFSSL_CALLBACKS\"</span></b><br><br>This option is disabled by default. The default configuration of wolfSSL is not vulnerable.", "base64": false}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-20T21:52:02.441Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6936", "state": "PUBLISHED", "dateUpdated": "2024-08-27T14:23:58.075Z", "dateReserved": "2023-12-18T22:01:24.437Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2024-02-20T21:52:02.441Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "57DCDF61-F982-41D7-83BE-DDAEC85A797A", "versionEndExcluding": "5.6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).\n"}, {"lang": "es", "value": "En wolfSSL anterior a 5.6.6, si las funciones de devoluci\u00f3n de llamada est\u00e1n habilitadas (a trav\u00e9s del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS malicioso o un atacante de red puede desencadenar una sobrelectura del b\u00fafer en el mont\u00f3n de 5 bytes (WOLFSSL_CALLBACKS solo est\u00e1 destinado a la depuraci\u00f3n)."}], "id": "CVE-2023-6936", "lastModified": "2025-02-12T17:01:14.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "facts@wolfssl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-20T22:15:08.197", "references": [{"source": "facts@wolfssl.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/6949/"}, {"source": "facts@wolfssl.com", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/6949/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}