The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-28T15:41:59
Updated: 2024-08-06T10:28:46.375Z
Reserved: 2014-04-18T00:00:00
Link: CVE-2014-2897
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-01-28T16:15:11.930
Modified: 2024-11-21T02:07:09.337
Link: CVE-2014-2897
Redhat
No data.