CVE-2022-38153
https://notcve.org/view.php?id=CVE-2022-38153
An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.
• http://packetstormsecurity.com/files/170605/wolfSSL-5.3.0-Denial-Of-Service.html
• http://seclists.org/fulldisclosure/2023/Jan/8
• https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh
• https://github.com/trailofbits/tlspuffin
• https://github.com/wolfSSL/wolfssl/pull/5476
• https://github.com/wolfSSL/wolfssl/releases
• https://www.wolfssl.com/docs/security-vulnerabilities
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-34293
https://notcve.org/view.php?id=CVE-2022-34293
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.
• http://www.openwall.com/lists/oss-security/2022/08/08/6
• https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
CVE-2022-25640
https://notcve.org/view.php?id=CVE-2022-25640
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
• https://github.com/wolfSSL/wolfssl/pull/4831
• CWE-295: Improper Certificate Validation
CVE-2022-25638
https://notcve.org/view.php?id=CVE-2022-25638
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
• https://github.com/wolfSSL/wolfssl/pull/4813
• https://www.wolfssl.com/docs/security-vulnerabilities
• CWE-295: Improper Certificate Validation
CVE-2022-23408
https://notcve.org/view.php?id=CVE-2022-23408
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
• https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022
• https://github.com/wolfSSL/wolfssl/pull/4710
• CWE-330: Use of Insufficiently Random Values