Vulnerability Disclosure: wolfSSH CVE-2025-11624

Affected Users:

wolfSSH versions before 1.4.21 that are built with SFTP support and used as an SFTP server.

Summary:

A stack-based buffer overflow was discovered in wolfSSH's SFTP server implementation. Once an SFTP session has been established, a malicious SFTP client can send a specially crafted read, write, or setstat SFTP packet that causes the SFTP server code to write beyond the bounds of a stack buffer. Because SFTP runs as a subsystem of an authenticated SSH session, the attacker must already hold valid credentials for the server. The out-of-bounds write is bounded by the macro WOLFSSH_MAX_HANDLE, which defaults to 256 bytes. A sanity check on the handle size was added in GitHub pull request 834 and is included in wolfSSH 1.4.21. We would like to thank Stanislav Fort of Aisle Research for discovering and responsibly reporting this vulnerability to our team.
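
The following is an added illustration of the bug class and the fix described above; it is not wolfSSH's code and not the change from pull request 834. It assumes the standard SFTP wire layout for READ, WRITE and FSETSTAT requests (a type byte, a uint32 request id, then a length-prefixed handle string), reuses the macro name WOLFSSH_MAX_HANDLE with its stated default of 256, and uses hypothetical function and constant names (parse_handle_req, check_claimed_len, PARSE_*) chosen for this example. The unchecked parser shows why trusting the client's handle length overruns a fixed-size buffer; the hardened parser adds the one bounds check that makes the copy safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Handle bound named in the advisory: the server keeps the client's file
 * handle in a fixed buffer of this many bytes (default 256). */
#define WOLFSSH_MAX_HANDLE 256

/* Standard SFTP request types (draft-ietf-secsh-filexfer) that carry a handle. */
#define SSH_FXP_READ     5
#define SSH_FXP_WRITE    6
#define SSH_FXP_FSETSTAT 10

/* Return codes of the hypothetical parser below. */
#define PARSE_OK              0
#define PARSE_TRUNCATED      -1
#define PARSE_HANDLE_TOO_BIG -2
#define PARSE_BAD_TYPE       -3

/* Common prefix of READ, WRITE and FSETSTAT requests:
 *   byte type | uint32 request-id | string handle (uint32 length + bytes) */
#define SFTP_HANDLE_HDR_LEN 9

struct sftp_handle_req {
    uint8_t  type;
    uint32_t request_id;
    uint32_t handle_len;
    uint8_t  handle[WOLFSSH_MAX_HANDLE]; /* fixed-size, like a handler's stack buffer */
};

static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Vulnerable shape: the wire length is trusted, so memcpy runs past handle[]
 * whenever handle_len > WOLFSSH_MAX_HANDLE. Kept only for contrast; never
 * feed it untrusted input. */
static int parse_handle_req_unchecked(const uint8_t *pkt, size_t len,
                                      struct sftp_handle_req *out)
{
    if (len < SFTP_HANDLE_HDR_LEN) return PARSE_TRUNCATED;
    out->type       = pkt[0];
    out->request_id = get_u32(pkt + 1);
    out->handle_len = get_u32(pkt + 5);
    if (len - SFTP_HANDLE_HDR_LEN < out->handle_len) return PARSE_TRUNCATED;
    memcpy(out->handle, pkt + SFTP_HANDLE_HDR_LEN, out->handle_len); /* overflow */
    return PARSE_OK;
}

/* Hardened shape: reject any handle larger than the buffer before copying. */
static int parse_handle_req(const uint8_t *pkt, size_t len,
                            struct sftp_handle_req *out)
{
    if (len < SFTP_HANDLE_HDR_LEN) return PARSE_TRUNCATED;
    out->type = pkt[0];
    if (out->type != SSH_FXP_READ && out->type != SSH_FXP_WRITE &&
        out->type != SSH_FXP_FSETSTAT)
        return PARSE_BAD_TYPE;
    out->request_id = get_u32(pkt + 1);
    out->handle_len = get_u32(pkt + 5);
    if (out->handle_len > WOLFSSH_MAX_HANDLE)           /* the sanity check */
        return PARSE_HANDLE_TOO_BIG;
    if (len - SFTP_HANDLE_HDR_LEN < out->handle_len)    /* claimed > present */
        return PARSE_TRUNCATED;
    memcpy(out->handle, pkt + SFTP_HANDLE_HDR_LEN, out->handle_len);
    return PARSE_OK;
}

/* Constructed test input: a request whose length field claims `claimed` handle
 * bytes while only `present` bytes of 'A' follow it. Returns the packet size. */
static size_t build_handle_req(uint8_t *buf, size_t cap, uint8_t type,
                               uint32_t req_id, uint32_t claimed, uint32_t present)
{
    if (cap < SFTP_HANDLE_HDR_LEN + (size_t)present) return 0;
    buf[0] = type;
    put_u32(buf + 1, req_id);
    put_u32(buf + 5, claimed);
    memset(buf + SFTP_HANDLE_HDR_LEN, 'A', present);
    return SFTP_HANDLE_HDR_LEN + present;
}

/* Build a READ request with the given claimed/present handle sizes and run it
 * through the hardened parser; returns the parser's result code. */
static int check_claimed_len(uint32_t claimed, uint32_t present)
{
    uint8_t buf[SFTP_HANDLE_HDR_LEN + 1024];
    struct sftp_handle_req req;
    size_t n = build_handle_req(buf, sizeof buf, SSH_FXP_READ, 1, claimed, present);
    if (n == 0) return PARSE_TRUNCATED; /* `present` does not fit the test buffer */
    return parse_handle_req(buf, n, &req);
}

int main(void)
{
    uint8_t buf[64];
    struct sftp_handle_req req;
    size_t n = build_handle_req(buf, sizeof buf, SSH_FXP_WRITE, 2, 4, 4);

    /* Both parsers accept a well-formed 4-byte handle; only the hardened one
     * survives a 300-byte claim, a 2^32-1 claim, or a short packet. */
    printf("unchecked, 4-byte handle: %d\n", parse_handle_req_unchecked(buf, n, &req));
    printf("checked,   4-byte handle: %d\n", check_claimed_len(4, 4));
    printf("checked,   300-byte handle: %d\n", check_claimed_len(300, 300));
    printf("checked,   claims 2^32-1:   %d\n", check_claimed_len(0xFFFFFFFFu, 2));
    printf("checked,   claims 4, has 2: %d\n", check_claimed_len(4, 2));
    return 0;
}
```

The order of the two checks in parse_handle_req matters: the bound against WOLFSSH_MAX_HANDLE is applied first, so a length field of 0xFFFFFFFF is rejected before it takes part in any arithmetic against the packet length, and the truncation check then only has to handle claims that already fit the buffer.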

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
