DEBIAN-CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

Heap overflow

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

UBUNTU-CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

wolfSSL 缓冲区错误漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from wolfSSL, Inc. A security vulnerability exists in wolfSSL versions prior to 5.5.2. An attacker exploited the vulnerability to trigger a buffer over-read...

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

CVE-2022-42905

CVE-2022-42905 affects wolfSSL prior to 5.5.2. When WOLFSSL_CALLBACKS is enabled, a malicious TLS 1.3 client or network attacker can trigger a heap buffer over-read (at least 5 bytes). This impacts confidentiality and availability (per CVSS). The flaw originates in the way callbacks are handled a...

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

PT-2022-6103 · Wolfssl +1 · Wolfssl +1

Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.5.2 Description: The issue is related to a buffer over-read vulnerability in the wolfSSL library. This can be triggered by a malicious TLS 1.3 client or network attacker when callback functions are enabled via the...

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

wolfSSL Buffer Overflow

wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining cipher suites ================================================================================== INFO ======= The CVE project has assigned the id CVE-2022-39173 to this issue. Severity: high 7.5 Affected version: before 5.5.1 End ...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via fault injection achieved with a rowhammer attack, which exposes ECDSA keys. Remediation Upgrade wolfssl to version 5.5.1 or higher. References - GitHub Commit - GitHub PR - GitHub Release Credit: Yarkin Doroz,...

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

DEBIAN-CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

Crlf injection

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...