Heap overflow in wolfssl CVE-2019-18840

A heap overflow vulnerability has been found in wolfSSL.


wolfSSL is a TLS library mostly used in embedded Linux devices.
It is also used in the popular tool curl.
Its small code base makes it a popular choice for various
IoT projects.

The vulnerability has been assigned CVE-2019-18840.

Explanation of the vulnerability

Due to incorrect parsing of ASN.1 certificates during
a handshake, the GetName function in wolfcrypt/src/asn.c
allows the program to overwrite a memory address, causing
a heap overflow.

A malicious certificate will crash the program, and with
more advanced exploitation the flaw can lead to
remote code execution.


    void FreeDecodedCert(DecodedCert* cert)
    {
        /* excerpt: the rest of the cleanup is omitted */
        if (cert->subjectName.fullName != NULL)
            XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509);
    }


    #define DN_NAMES_MAX 9

    struct DecodedName {
        /* excerpt: only the fields discussed here */
        char* fullName;
        int   locSz;
    };

    struct DecodedCert {
        /* excerpt: only the fields discussed here */
        DecodedName issuerName;
        DecodedName subjectName;
    };
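
The CVE record attributes the overflow to a mishandled domain name location index in GetName. The C example below is added here as an illustration (it is not wolfSSL's code and not part of the original post): it walks a DER-encoded Name and checks the slot index against DN_NAMES_MAX before every write. NameIndex, der_hdr, index_name, build_name and the sample bytes are constructed for this example.

```c
#include <string.h>

#define DN_NAMES_MAX 9                /* same limit as the excerpt above */

typedef struct {                      /* hypothetical model, not wolfSSL's layout */
    int   attr_off[DN_NAMES_MAX];     /* DER offset of each attribute */
    int   count;                      /* slots in use */
    char *full_name;                  /* neighbour an overrun would clobber */
} NameIndex;

/* Parse a DER header with the expected tag; returns content length or -1. */
static long der_hdr(const unsigned char *b, size_t n, size_t *pos, int tag) {
    size_t p = *pos + 2, len;
    if (p < 2 || p > n || b[p - 2] != tag) return -1;
    len = b[p - 1];
    if (len == 0x81 && p < n) len = b[p++];  /* long form, one length byte */
    else if (len & 0x80) return -1;          /* other forms are rejected */
    if (len > n - p) return -1;              /* content must fit the buffer */
    *pos = p;
    return (long)len;
}

/* Walk SEQUENCE OF SET OF SEQUENCE; 0 on success, -1 on reject. */
int index_name(const unsigned char *der, size_t n, NameIndex *out) {
    size_t pos = 0, end, set_end;
    long len;
    out->count = 0;
    if ((len = der_hdr(der, n, &pos, 0x30)) < 0) return -1;
    for (end = pos + (size_t)len; pos < end; ) {
        if ((len = der_hdr(der, end, &pos, 0x31)) < 0) return -1;
        for (set_end = pos + (size_t)len; pos < set_end; pos += (size_t)len) {
            if (out->count >= DN_NAMES_MAX) return -1;  /* check before write */
            out->attr_off[out->count++] = (int)pos;
            if ((len = der_hdr(der, set_end, &pos, 0x30)) < 0) return -1;
        }
    }
    return 0;
}

/* Constructed sample input: a Name holding k copies of CN=ab (k <= 19). */
size_t build_name(unsigned char *buf, int k) {
    static const unsigned char rdn[] = {0x31,0x0B,0x30,9,6,3,0x55,4,3,0x13,2,'a','b'};
    size_t body = sizeof rdn * (size_t)k, p = 0;
    buf[p++] = 0x30;
    if (body > 127) buf[p++] = 0x81;
    buf[p++] = (unsigned char)body;
    for (; k > 0; k--, p += sizeof rdn) memcpy(buf + p, rdn, sizeof rdn);
    return p;
}
```

A Name with ten attributes is rejected at the tenth entry, so the field that follows the slot array is never written.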


External links:
WolfSSL wikipedia
heap overflow

We at Firo strongly believe that you should locate
the vulnerabilities within your network and patch them.
With Firo Solutions you can receive notifications about
new vulnerabilities that affect your system.

Stay up to date with Vulnerability Management and build cool things with our API

This blog post is part of the exploit of the day series
where we write a shorter description about interesting
exploits that we index.