CVE-2024-5288 – Safe-error attack on TLS 1.3 Protocol
https://notcve.org/view.php?id=CVE-2024-5288
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. Whether signing succeeds or is halted across a number of connection requests can be observed and processed with an advanced ECDSA key-recovery technique.
References: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
CWE-922: Insecure Storage of Sensitive Information
CVE-2024-5991 – Buffer overread in domain name matching
https://notcve.org/view.php?id=CVE-2024-5991
In function MatchDomainName(), the input parameter str is treated as a NULL-terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and a length to check against, with no requirement that the buffer be NULL terminated. If a caller attempted a name check on a non-NULL-terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. This issue affects wolfSSL through 5.7.0.
References: https://github.com/wolfSSL/wolfssl/pull/7604
CWE-125: Out-of-bounds Read
CVE-2024-0901 – SEGV and out of bounds memory read from malicious packet
https://notcve.org/view.php?id=CVE-2024-0901
Remotely executed SEGV and out of bounds read allows a malicious packet sender to crash the target or cause an out of bounds read by sending a malformed packet with the correct length.
References: https://github.com/wolfSSL/wolfssl/issues/7089 https://github.com/wolfSSL/wolfssl/pull/7099
CWE-129: Improper Validation of Array Index
CVE-2023-6936 – Heap-buffer over-read with WOLFSSL_CALLBACKS
https://notcve.org/view.php?id=CVE-2023-6936
In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
References: https://github.com/wolfSSL/wolfssl/pull/6949 https://www.wolfssl.com/docs/security-vulnerabilities
CVE-2023-6937 – Improper (D)TLS key boundary enforcement
https://notcve.org/view.php?id=CVE-2023-6937
wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello, but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication, so it is assigned a low severity rating.
References: https://github.com/wolfSSL/wolfssl/pull/7029 https://www.wolfssl.com/docs/security-vulnerabilities
CWE-20: Improper Input Validation