VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-1u3q-52yd-1bhe

Essentials
Severities (13)
References (3)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-1u3q-52yd-1bhe
Aliases	CVE-2024-5991
Summary	In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2024-5991
cvssv4	10	https://https://github.com/wolfSSL/wolfssl/pull/7604
ssvc	Track	https://https://github.com/wolfSSL/wolfssl/pull/7604

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-5991
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991
1081788		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081788

No exploits are available.

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://https://github.com/wolfSSL/wolfssl/pull/7604

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-27T20:04:54Z/ Found at https://https://github.com/wolfSSL/wolfssl/pull/7604

Exploit Prediction Scoring System (EPSS)

Percentile	0.29577
EPSS Score	0.00111
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T16:38:11.966296+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.0.0