CVE-2022-34293
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped...
DEBIAN-CVE-2022-34293
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped...
UBUNTU-CVE-2022-34293
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped...
Design/Logic Flaw
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped...
CVE-2022-34293
wolfSSL before 5.4.0 is vulnerable to a DTLS denial-of-service because a return-routability check can be skipped. This is the explicit affected condition: wolfSSL versions prior to 5.4.0 may be exploited remotely to cause service disruption. The available connected documents consistently indicate...
Wolfssl security vulnerability
Wolfssl CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from Wolfssl, Inc. A security vulnerability exists in Wolfssl versions prior to 5.4.0, which stems from the fact that its return route check can be bypassed to allow an attacker to implement a...
PT-2022-22109 · Wolfssl +2 · Wolfssl +2
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.4.0. Description: The issue allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. Recommendations: For versions prior to 5.4.0, update to version 5.4.0 ...
Denial Of Service (DoS)
wolfssl is vulnerable to denial of service. The vulnerability exists due to an implementation error in DTLS, allowing an attacker to crash the application...
wolfssl -- multiple issues
wolfSSL blog reports: In release 5.4.0 there were 3 vulnerabilities listed as fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS 1.0/1.2 denial of service attack and the other a ciphertext attack on ECC/DH operations. The last vulnerability listed was a public disclosure of a...
wolfCrypt leaks cryptographic information via timing side channel
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
Access Restriction Bypass
Overview: Affected versions of this package are vulnerable to Access Restriction Bypass. During attempted authentication by a TLS 1.3 client to a TLS 1.3 server, certificate validation may be bypassed when the sigalgo field differs between the certificateverify message and the certificate message...
Access Restriction Bypass
Overview: Affected versions of this package are vulnerable to Access Restriction Bypass because a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificateverify message from the handshake, and never present a certificate. Remediation...
CVE-2022-25638
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...
CVE-2022-25640
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificateverify message from the handshake, and never present a certificate...