CVE-2024-0901: 
wolfSSL vulnerability analysis and mitigation

CVE-2024-0901 is a security vulnerability in wolfSSL that allows a malicious packet sender to cause a remotely executed SEGV (Segmentation Violation) and out-of-bounds read by sending a malformed packet with the correct length. The vulnerability was discovered and addressed in early 2024 (Ubuntu CVE).

The vulnerability is related to TLS13 padding verification process where an index could wrap around due to a malformed packet during the padding removal step for the TLS13 verify message. This issue was specifically identified in the wolfSSL implementation and required a bounds check fix to prevent integer overflow (WolfSSL PR).

When successfully exploited, this vulnerability can lead to a system crash through SEGV (Segmentation Violation) or cause an out-of-bounds read condition, potentially compromising the security of the affected system (Ubuntu CVE).

A fix has been implemented through a pull request that adds proper bounds checking for the TLS13 padding verification process. The solution involves checking that the index doesn't wrap around due to malformed packets and performing bounds checks on full word32 size to match input buffer length (WolfSSL PR).