Out-of-Bounds The advisory has been revoked - it doesn't affect any version of package wolfssl  (opens in a new tab)


Threat Intelligence

EPSS
8.78% (95th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Out-of-Bounds vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CONAN-WOLFSSL-10078503
  • published8 May 2025
  • disclosed23 May 2019
  • creditUnknown

Introduced: 23 May 2019

CVE-2019-11873  (opens in a new tab)
CWE-119  (opens in a new tab)

Amendment

This was deemed not a vulnerability.

Overview

Affected versions of this package are vulnerable to Out-of-Bounds wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack.