Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-39173HistorySep 29, 2022 - 1:15 a.m.
CVE-2022-39173
2022-09-2901:15:00
Alpine Linux Development Team
security.alpinelinux.org
24
0.003 Low
EPSS
Percentile
71.6%
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | wolfssl | < 5.5.1-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | wolfssl | < 5.5.1-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | wolfssl | < 5.5.1-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | wolfssl | < 5.5.1-r0 | UNKNOWN |
Related
prion
prion
Buffer overflow
2022-09-29 01:15:00
cve
cve
CVE-2022-39173
2022-09-29 01:15:00
ubuntucve
ubuntucve
CVE-2022-39173
2022-09-29 00:00:00
openwrt
openwrt
packetstorm
packetstorm
wolfSSL Buffer Overflow
2022-10-31 00:00:00
veracode
veracode
Buffer Overflow
2022-10-10 01:10:34
debiancve
debiancve
CVE-2022-39173
2022-09-29 01:15:00
cvelist
cvelist
CVE-2022-39173
2022-09-29 00:00:00
osv
osv
CVE-2022-39173
2022-09-29 01:15:11