CVE-2023-6936 – Heap-buffer over-read with WOLFSSL_CALLBACKS
https://notcve.org/view.php?id=CVE-2023-6936
In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging). • https://github.com/wolfSSL/wolfssl/pull/6949 https://www.wolfssl.com/docs/security-vulnerabilities •
CVE-2023-6937 – Improper (D)TLS key boundary enforcement
https://notcve.org/view.php?id=CVE-2023-6937
wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. • https://github.com/wolfSSL/wolfssl/pull/7029 https://www.wolfssl.com/docs/security-vulnerabilities • CWE-20: Improper Input Validation •
CVE-2023-3724 – TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
https://notcve.org/view.php?id=CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre-shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client-side users update the version of wolfSSL used. • https://github.com/wolfSSL/wolfssl/pull/6412 https://www.wolfssl.com/docs/security-vulnerabilities • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
CVE-2022-42905 – wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
https://notcve.org/view.php?id=CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) wolfSSL versions prior to 5.5.2 suffer from a heap buffer over-read with WOLFSSL_CALLBACKS and can be triggered with a single Client Hello message. • http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html http://seclists.org/fulldisclosure/2023/Jan/11 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/wolfSSL/wolfssl/releases https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable https://www.wolfssl.com/docs/security-vulnerabilities • CWE-125: Out-of-bounds Read •
CVE-2022-42961
https://notcve.org/view.php?id=CVE-2022-42961
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) • https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable •