CVE-2022-42905 – wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
https://notcve.org/view.php?id=CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) En wolfSSL anterior a 5.5.2, si las funciones callback están habilitadas (a través del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS 1.3 malicioso o un atacante de red puede desencadenar una sobrelectura del búfer de memoria de 5 bytes. (WOLFSSL_CALLBACKS solo está destinado a la depuración). wolfSSL versions prior to 5.5.2 suffer from a heap buffer over-read with WOLFSSL_CALLBACKS and can be triggered with a single Client Hello message. • http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html http://seclists.org/fulldisclosure/2023/Jan/11 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/wolfSSL/wolfssl/releases https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable https://www.wolfssl.com/docs/security-vulnerabilities • CWE-125: Out-of-bounds Read •
CVE-2022-42961
https://notcve.org/view.php?id=CVE-2022-42961
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) • https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable •
CVE-2022-39173 – wolfSSL Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-39173
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. • http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html http://seclists.org/fulldisclosure/2022/Oct/24 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/wolfSSL/wolfssl/releases https://www.wolfssl.com/docs/security-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2022-38153
https://notcve.org/view.php?id=CVE-2022-38153
An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. • http://packetstormsecurity.com/files/170605/wolfSSL-5.3.0-Denial-Of-Service.html http://seclists.org/fulldisclosure/2023/Jan/8 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/trailofbits/tlspuffin https://github.com/wolfSSL/wolfssl/pull/5476 https://github.com/wolfSSL/wolfssl/releases https://www.wolfssl.com/docs/security-vulnerabilities • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-38152
https://notcve.org/view.php?id=CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. • http://packetstormsecurity.com/files/170604/wolfSSL-Session-Resumption-Denial-Of-Service.html http://seclists.org/fulldisclosure/2023/Jan/7 https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh https://github.com/tlspuffin/tlspuffin https://github.com/wolfSSL/wolfssl/pull/5468 https://github.com/wolfSSL/wolfssl/releases https://www.wolfssl.com/docs/security-vulnerabilities • CWE-754: Improper Check for Unusual or Exceptional Conditions •