Lucene search
MitreCVELIST:CVE-2022-42905HistoryNov 06, 2022 - 12:00 a.m.
CVE-2022-42905
2022-11-0600:00:00
mitre
www.cve.org
wolfssl
buffer over-read
vulnerability
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
References
packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
seclists.org/fulldisclosure/2023/Jan/11
blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
github.com/wolfSSL/wolfssl/releases
github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
www.wolfssl.com/docs/security-vulnerabilities/
Related
alpinelinux
alpinelinux
CVE-2022-42905
2022-11-07 00:15:09
zdt
zdt
wolfSSL 5.5.2 WOLFSSL_CALLBACKS Heap Buffer Over-Read Vulnerability
2023-01-22 00:00:00
veracode
veracode
Buffer Over Read
2022-11-12 11:21:08
nvd
nvd
CVE-2022-42905
2022-11-07 00:15:09
packetstorm
packetstorm
wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
2023-01-20 00:00:00
cve
cve
CVE-2022-42905
2022-11-07 00:15:09
debiancve
debiancve
CVE-2022-42905
2022-11-07 00:15:09
prion
prion
Heap overflow
2022-11-07 00:15:00
osv
osv
CVE-2022-42905
2022-11-07 00:15:09
ubuntucve
ubuntucve
CVE-2022-42905
2022-11-07 00:00:00