CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
DEBIAN-CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
Design/Logic Flaw
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
UBUNTU-CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
Wolfssl Security Vulnerability
Wolfssl CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from Wolfssl Inc. in the United States. A security vulnerability exists in Wolfssl versions prior to 5.5.0 that stems from the fact that a man-in-the-middle attacker or a malicious server can cras...
Wolfssl Code Issue Vulnerability
Wolfssl CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in Wolfssl versions prior to 5.5.0 that stems from the server crashing due to a segmentation error when a TLS 1.3 client...
CVE-2022-38152
CVE-2022-38152 concerns wolfSSL prior to 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is invoked on a resuming session (reusing the original WOLFSSL struct), the server can crash with a segmentation fault on the next ClientHello. The issue is triggered specifically duri...
PT-2022-24245 · Wolfssl · Wolfssl
Name of the Vulnerable Software and Affected Versions: wolfSSL version 5.3.0
Description: An issue in wolfSSL allows man-in-the-middle attackers or a malicious server to crash TLS 1.2 clients during a handshake. This occurs when an attacker injects a large ticket more than 256 bytes into a...
CVE-2022-38153
WolfSSL vulnerability CVE-2022-38153 affects version 5.3.0 (and only 5.3.x is exploitable) where an attacker can inject a large NewSessionTicket (>256 bytes) in a TLS 1.2 handshake to cause the client to crash by freeing an invalid pointer in the session cache. This can enable a MITM-style cra...
CVE-2022-38153
An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...
PT-2022-24244 · Wolfssl +2 · Wolfssl +2
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.5.0
Description: An issue was discovered in wolfSSL when a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, causing the server to crash with a segmentation fault. This occurs in t...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via DTLS due to the check for return-routability being skippable. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike...
FreeBSD : wolfssl -- multiple issues (9b9a5f6e-1755-11ed-adef-589cfc01894a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9b9a5f6e-1755-11ed-adef-589cfc01894a advisory. - AMD EPYC Processors contain an information disclosure vulnerability in the Secure Encrypted...
CVE-2022-34293
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped...