On Thu, 07 Jan 2021 21:09:25 +0100 Salvatore Bonaccorso > The following
vulnerability was published for wolfssl.
CVE-2020-36177[0]:
| RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-
| of-bounds write for certain relationships between key size and digest
| size.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-36177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36177
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
[2] https://github.com/wolfSSL/wolfssl/pull/3426
#978676 has patches to import the fixed upstream version 4.6.0.