wolfSSL is vulnerable to denial of service. The vulnerability arises when a client connects to a wolfSSL server and SSL_clear is called: improper session handling allows an attacker to cause an application crash.
Name | Operator | Version
---|---|---
wolfssl:edge | eq | 5.3.0-r2
wolfssl:edge | eq | 5.3.0-r0
wolfssl:edge | eq | 5.4.0-r0
packetstormsecurity.com/files/170604/wolfSSL-Session-Resumption-Denial-Of-Service.html
seclists.org/fulldisclosure/2023/Jan/7
blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
github.com/tlspuffin/tlspuffin
github.com/wolfSSL/wolfssl/pull/5468
github.com/wolfSSL/wolfssl/releases
secdb.alpinelinux.org/edge/community.yaml
www.wolfssl.com/docs/security-vulnerabilities/