CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0901 – SEGV and out of bounds memory read from malicious packet
https://notcve.org/view.php?id=CVE-2024-0901
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. SEGV ejecutado de forma remota y lectura fuera de los límites permite que el remitente de paquetes maliciosos falle o provoque una lectura fuera de los límites mediante el envío de un paquete con formato incorrecto y con la longitud correcta. • https://github.com/wolfSSL/wolfssl/issues/7089 https://github.com/wolfSSL/wolfssl/pull/7099 • CWE-129: Improper Validation of Array Index •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6936 – Heap-buffer over-read with WOLFSSL_CALLBACKS
https://notcve.org/view.php?id=CVE-2023-6936
In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging). En wolfSSL anterior a 5.6.6, si las funciones de devolución de llamada están habilitadas (a través del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS malicioso o un atacante de red puede desencadenar una sobrelectura del búfer en el montón de 5 bytes (WOLFSSL_CALLBACKS solo está destinado a la depuración). • https://github.com/wolfSSL/wolfssl/pull/6949 https://www.wolfssl.com/docs/security-vulnerabilities •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6937 – Improper (D)TLS key boundary enforcement
https://notcve.org/view.php?id=CVE-2023-6937
wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. wolfSSL anterior a 5.6.6 no verificaba que los mensajes en un registro (D)TLS no abarquen límites clave. • https://github.com/wolfSSL/wolfssl/pull/7029 https://www.wolfssl.com/docs/security-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6935 – Marvin Attack vulnerability in SP Math All RSA
https://notcve.org/view.php?id=CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed. wolfSSL SP Math Toda la implementación de RSA es vulnerable al ataque Marvin, una nueva variación de un ataque de sincronización de estilo Bleichenbacher, cuando se construye con las siguientes opciones para configurar: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" La definición "WOLFSSL_STATIC_RSA" habilita RSA estático conjuntos de cifrado, que no se recomienda y ha estado deshabilitado de forma predeterminada desde wolfSSL 3.6.6. Por lo tanto, la compilación predeterminada desde 3.6.6, incluso con "--enable-all", no es vulnerable al ataque Marvin. • https://people.redhat.com/~hkario/marvin https://www.wolfssl.com/docs/security-vulnerabilities • CWE-203: Observable Discrepancy •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3724 – TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
https://notcve.org/view.php?id=CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used. • https://github.com/wolfSSL/wolfssl/pull/6412 https://www.wolfssl.com/docs/security-vulnerabilities • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •