Base Score

HIGH7.8

CVE-2017-8854

wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.

VectorLOCAL

Published Bycve@mitre.org

Published DateMay 09, 2017, 20:29

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable

Base Score

HIGH7.8

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH