{"id":9681,"date":"2025-08-04T17:43:39","date_gmt":"2025-08-04T17:43:39","guid":{"rendered":"http:\/\/localhost\/?p=9681"},"modified":"2025-08-04T17:43:39","modified_gmt":"2025-08-04T17:43:39","slug":"wolftpm-library-wrapper-function-wolftpm2rsakeytpmtowolf-copies-external-data-to-a-fixed-size-stack","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9681","title":{"rendered":"wolfTPM library wrapper function `wolfTPM2_RsaKey_TpmToWolf` copies external data to a fixed-size stack buffer without length validation potentially causing stack-based buffer overflow"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nwolfTPM library wrapper function `wolfTPM2_RsaKey_TpmToWolf` copies external data to a fixed-size stack buffer without length validation potentially causing stack-based buffer overflow<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-04T21:35:04.013Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-04T21:35:04.013Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nwolfSSL Inc.<\/td>\n<\/tr>\n
Product<\/th>\nwolfTPM<\/td>\n<\/tr>\n
Version<\/th>\n0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n1.0 (LOW)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:P\/AC:H\/AT:P\/PR:N\/UI:N\/VC:N\/VI:N\/VA:L\/SC:N\/SI:N\/SA:L\/U:Green<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA buffer overflow vulnerability in the wolfTPM library’s `wolfTPM2_RsaKey_TpmToWolf` function can occur when handling RSA keys larger than 2048 bits, potentially leading to a stack-based buffer overflow. This could result in application crashes or arbitrary code execution under specific conditions.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nwolfSSL Inc.<\/td>\n<\/tr>\n
AI Product<\/th>\nwolfTPM<\/td>\n<\/tr>\n
AI Version<\/th>\n0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n