CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-39173 – wolfSSL Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-39173
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. • http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html http://seclists.org/fulldisclosure/2022/Oct/24 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/wolfSSL/wolfssl/releases https://www.wolfssl.com/docs/security-vulnerabilities • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44718
https://notcve.org/view.php?id=CVE-2021-44718
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. wolfSSL versiones hasta 5.0.0, permite a un atacante causar una denegación de servicio y un bucle infinito en el componente cliente mediante el envío de tráfico diseñado desde una posición de tipo Machine-in-the-Middle (MITM). La causa principal es que el módulo cliente acepta mensajes TLS que normalmente sólo son enviados a servidores TLS • https://github.com/wolfSSL/wolfssl/releases https://www.wolfssl.com/docs/security-vulnerabilities • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-38152
https://notcve.org/view.php?id=CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. • http://packetstormsecurity.com/files/170604/wolfSSL-Session-Resumption-Denial-Of-Service.html http://seclists.org/fulldisclosure/2023/Jan/7 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/tlspuffin/tlspuffin https://github.com/wolfSSL/wolfssl/pull/5468 https://github.com/wolfSSL/wolfssl/releases https://www.wolfssl.com/docs/security-vulnerabilities • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34293
https://notcve.org/view.php?id=CVE-2022-34293
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. wolfSSL versiones anteriores a 5.4.0, permite a atacantes remotos causar una denegación de servicio por medio de DTLS porque puede omitirse una comprobación de retorno de ruta • http://www.openwall.com/lists/oss-security/2022/08/08/6 https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25640
https://notcve.org/view.php?id=CVE-2022-25640
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. En wolfSSL versiones anteriores a 5.2.0, un servidor TLS versión 1.3 no puede aplicar correctamente el requisito de autenticación mutua. Un cliente puede simplemente omitir el mensaje certificate_verify del handshake, y nunca presentar un certificado • https://github.com/wolfSSL/wolfssl/pull/4831 • CWE-295: Improper Certificate Validation •