
CVE-2022-39173

wolfSSL Buffer Overflow

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.

In wolfSSL versions prior to 5.5.1, malicious clients can cause a buffer overflow during a TLS version 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello, a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger a buffer overflow. In total, two Client Hellos must be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.

In wolfSSL versions prior to 5.5.1, malicious clients can cause a buffer overflow during a resumed TLS 1.3 handshake. This happens when an attacker resumes a previous TLS session by sending a maliciously crafted Client Hello, followed by another maliciously crafted Client Hello. In total, 2 Client Hellos have to be sent: one that pretends to resume a previous session, and a second one as a response to a Hello Retry Request message.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-02 CVE Reserved
  • 2022-09-29 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-11-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Wolfssl | Wolfssl | < 5.5.1 | - | Affected