CVE-2023-6935 – Marvin Attack vulnerability in SP Math All RSA
https://notcve.org/view.php?id=CVE-2023-6935
The wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing-based Bleichenbacher-style attack, when built with the following configure options: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA". The define WOLFSSL_STATIC_RSA enables static RSA cipher suites, which is not recommended and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites and is expected to be padding-independent. It allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed.
• https://people.redhat.com/~hkario/marvin https://www.wolfssl.com/docs/security-vulnerabilities
• CWE-203: Observable Discrepancy
CVE-2023-3724 – TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
https://notcve.org/view.php?id=CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre-shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.
• https://github.com/wolfSSL/wolfssl/pull/6412 https://www.wolfssl.com/docs/security-vulnerabilities
• CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation
CVE-2022-42905 – wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
https://notcve.org/view.php?id=CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a 5-byte buffer over-read on the heap. (WOLFSSL_CALLBACKS is only intended for debugging.) wolfSSL versions prior to 5.5.2 suffer from a heap buffer over-read with WOLFSSL_CALLBACKS, and it can be triggered with a single Client Hello message.
• http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html http://seclists.org/fulldisclosure/2023/Jan/11 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/wolfSSL/wolfssl/releases https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable https://www.wolfssl.com/docs/security-vulnerabilities
• CWE-125: Out-of-bounds Read
CVE-2022-42961
https://notcve.org/view.php?id=CVE-2022-42961
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)
• https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
CVE-2022-39173 – wolfSSL Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-39173
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker purports to resume a previous TLS session. During the resumption Client Hello, a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
• http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html http://seclists.org/fulldisclosure/2022/Oct/24 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/wolfSSL/wolfssl/releases https://www.wolfssl.com/docs/security-vulnerabilities
• CWE-787: Out-of-bounds Write