CVE-2020-36177
PUBLISHED
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Risk Scores
- EPSS Score: 0.63% (70.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | wolfssl | 0, 3.4.8+dfsg-1 |
| Ubuntu:22.04:LTS | wolfssl | 5.2.0-1, 5.1.1-1, 5.0.0-1 |
| Ubuntu:18.04:LTS | wolfssl | 3.13.0+dfsg-1, 0, 3.10.2+dfsg-2 |
| Ubuntu:25.10 | wolfssl | 0, 5.7.2-0.1 |
| Ubuntu:24.04:LTS | wolfssl | 5.5.4-2, 5.6.4-2, 5.6.6-1.2 |
| Ubuntu:20.04:LTS | wolfssl | *, 4.3.0+dfsg-2, * |
Exploit Intelligence
- CIRCL seen: CVE-2020-36177 (circl-sighting)
- https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7 (circl)
- https://github.com/wolfSSL/wolfssl/pull/3426 (circl)
- https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f (circl)
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567 (circl)
- https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable (circl)
Timeline
- Jan 6, 2021 CVE Published
- Jan 6, 2021 PoC Published
- Jan 12, 2021 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36177 third-party-advisory
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567 third-party-advisory
- https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7 third-party-advisory
- https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f third-party-advisory
- https://github.com/wolfSSL/wolfssl/pull/3426 third-party-advisory
- https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36177 third-party-advisory