wolfSSL Integer Overflow Vulnerability in Certificate Chain Handling Leading to Heap Corruption

Vulnerability

An integer overflow vulnerability has been identified in the static function 'wolfssl_add_to_chain' in the wolfSSL library. The overflow can cause heap corruption: certificate data is written past the end of a certificate buffer that was allocated too small. The vulnerable function is reached through 'wolfSSL_CTX_add_extra_chain_cert', 'wolfSSL_CTX_add1_chain_cert', and 'wolfSSL_add0_chain_cert'. These APIs are enabled by the third-party compatibility features, including the OpenSSL, Lighttpd, Stunnel, Nginx, and HAProxy compatibility options. The vulnerability is not remotely exploitable; it requires that the application context responsible for loading certificates is already compromised.
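The following is an added illustration of the bug class the advisory describes, not wolfSSL's code and not its fix: a hypothetical chain-buffer append with the unchecked 32-bit size arithmetic that can wrap next to an overflow-checked form that refuses the append instead of allocating a too-small buffer. All names, the 3-byte length prefix, and the sample data are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define CERT_LEN_HDR 3u  /* assumed 3-byte length prefix per certificate */
/* Hypothetical chain buffer; invented for this illustration, not a wolfSSL type. */
struct chain_buf { unsigned char *data; uint32_t len; };

/* Vulnerable pattern: 32-bit size arithmetic with no overflow check. A wrapped
 * sum means a buffer far smaller than the data later copied into it. */
uint32_t unchecked_chain_size(uint32_t cur_len, uint32_t cert_len)
{
    return cur_len + cert_len + CERT_LEN_HDR;
}

/* Hardened pattern: new total length, or 0 if it would wrap (never a valid size). */
uint32_t checked_chain_size(uint32_t cur_len, uint32_t cert_len)
{
    if (cur_len > UINT32_MAX - CERT_LEN_HDR) return 0;
    if (cert_len > UINT32_MAX - CERT_LEN_HDR - cur_len) return 0;
    return cur_len + cert_len + CERT_LEN_HDR;
}

/* Append one certificate with its length prefix; refuses instead of
 * allocating a too-small buffer. Returns 0 on success, -1 on failure. */
int chain_append(struct chain_buf *c, const unsigned char *cert, uint32_t cert_len)
{
    uint32_t new_len = checked_chain_size(c->len, cert_len);
    unsigned char *p;
    if (new_len == 0 || (p = realloc(c->data, new_len)) == NULL) return -1;
    c->data = p;
    p += c->len;
    p[0] = (unsigned char)(cert_len >> 16);
    p[1] = (unsigned char)(cert_len >> 8);
    p[2] = (unsigned char)cert_len;
    memcpy(p + CERT_LEN_HDR, cert, cert_len);
    c->len = new_len;
    return 0;
}

/* Constructed demo: two placeholder "certificates" (not real DER); returns 4+3 + 5+3 = 15. */
uint32_t demo_two_certs(void)
{
    static const unsigned char c1[4] = {0x30, 0x02, 0x01, 0x01};
    static const unsigned char c2[5] = {0x30, 0x03, 0x02, 0x01, 0x00};
    struct chain_buf c = {NULL, 0};
    uint32_t len = 0;
    if (chain_append(&c, c1, 4) == 0 && chain_append(&c, c2, 5) == 0) len = c.len;
    free(c.data);
    return len;
}
```

With a chain already near the 32-bit limit, the unchecked sum wraps to 19 bytes while the checked form reports failure; the allocation size, not the copy, is where this class of bug must be caught.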

Impact

Exploitation of this vulnerability leads to heap corruption, which can potentially be leveraged to execute arbitrary code or to cause a denial-of-service condition.

Remediation

Users can update to the latest version of wolfSSL, where this vulnerability has been addressed.

Added: Mar 19, 2026, 9:24 PM
Updated: Mar 19, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 1.9
exploitability: 4.0
remediation: 7.7
relevance: 4.1
threat: 6.4
urgency: 1.4
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.