wolfSSL Packet Sniffer Integer Underflow Vulnerability Leading to Heap Buffer Overflow

Vulnerability

An integer underflow vulnerability has been identified in the wolfSSL packet sniffer in versions through 5.8.4. This vulnerability allows an attacker to cause a buffer overflow in the AEAD decryption process by injecting a TLS record that is shorter than the explicit initialization vector (IV) plus authentication tag into traffic being analyzed by the packet sniffer. The underflow condition wraps a 16-bit length value to a large number, which is then passed to AEAD decryption routines, resulting in a heap buffer overflow and a crash. This vulnerability can be triggered remotely by an unauthenticated attacker using malformed TLS Application Data records.
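The length arithmetic described above, as an added example that is not wolfSSL's code: an unchecked 16-bit subtraction beside a form that rejects short records. The function names are hypothetical, and the 8-byte explicit IV and 16-byte tag are the TLS 1.2 AES-GCM sizes, assumed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes (TLS 1.2 AES-GCM); not taken from the advisory. */
#define EXPLICIT_IV_SZ 8u
#define AEAD_TAG_SZ    16u

/* Unchecked form: the difference is truncated back to 16 bits, so a record
 * shorter than IV + tag wraps to a large ciphertext length. */
static uint16_t payload_len_unchecked(uint16_t record_len)
{
    return (uint16_t)(record_len - EXPLICIT_IV_SZ - AEAD_TAG_SZ);
}

/* Checked form: refuse any record that cannot hold the IV and the tag.
 * Returns 0 and stores the ciphertext length, or -1 for a short record. */
static int payload_len_checked(uint16_t record_len, uint16_t *out_len)
{
    if (record_len < EXPLICIT_IV_SZ + AEAD_TAG_SZ)
        return -1;
    *out_len = (uint16_t)(record_len - EXPLICIT_IV_SZ - AEAD_TAG_SZ);
    return 0;
}

int main(void)
{
    /* Constructed record lengths: two too short, one minimal, one typical. */
    const uint16_t samples[] = { 5, 23, 24, 1400 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t len = 0;
        int rc = payload_len_checked(samples[i], &len);

        printf("record_len=%u unchecked=%u ", (unsigned)samples[i],
               (unsigned)payload_len_unchecked(samples[i]));
        if (rc == 0)
            printf("checked=%u\n", (unsigned)len);
        else
            printf("checked=rejected\n");
    }
    return 0;
}
```

The check has to run before the length reaches any decryption routine, because the wrapped value is indistinguishable from a legitimate large record length once the subtraction has happened.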

Impact

Exploitation of this vulnerability causes a heap buffer overflow, leading to a crash of the application. However, such heap buffer overflows can often be exploited to execute arbitrary code under certain conditions.

Remediation

Users are advised to update to wolfSSL version 5.8.5 or later, where this vulnerability has been addressed.

Added: Mar 19, 2026, 5:20 PM
Updated: Mar 19, 2026, 5:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.