wolfSSL wolfcrypt Heap-Based Buffer Overflow Vulnerability in KCAPI ECC Code Path

A heap-based buffer overflow vulnerability has been identified in the wolfSSL wolfcrypt library, specifically within the KCAPI ECC code path of the function wc_ecc_import_x963_ex(). This vulnerability allows remote attackers to write controlled data beyond the limits of the pubkey_raw buffer. The issue arises because the WOLFSSL_KCAPI_ECC code path copies input data to the pubkey_raw buffer, which has a capacity of 132 bytes, using XMEMCPY without proper bounds checking. This flaw can be exploited during TLS key exchange when a malicious peer sends a crafted ECPoint in the ServerKeyExchange message.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, which can commonly result in arbitrary code execution or memory corruption.

Reproduction

To reproduce this vulnerability, initiate a TLS key exchange with a peer that sends a crafted EC public key point in the ServerKeyExchange message. The key point should be oversized to exceed the 132-byte limit of the pubkey_raw buffer. This will trigger the buffer overflow in the KCAPI ECC code path of the wc_ecc_import_x963_ex() function.

Remediation

Users are advised to update to the latest version of wolfSSL, where this vulnerability has been addressed.