Lucene search
Veracode Vulnerability DatabaseVERACODE:37100HistorySep 16, 2022 - 9:14 p.m.
Denial Of Service (DoS)
2022-09-1621:14:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
0.004 Low
EPSS
Percentile
73.8%
wolfSSL is vulnerable to denial of service. The vulnerability exists when client connects to a wolfSSL server and SSL_clear due to improper session handling which allows an attacker to cause an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wolfssl:edge | eq | 5.3.0-r2 | |
| wolfssl:edge | eq | 5.3.0-r0 | |
| wolfssl:edge | eq | 5.4.0-r0 | |
| wolfssl:edge | eq | 5.3.0-r2 | |
| wolfssl:edge | eq | 5.3.0-r0 | |
| wolfssl:edge | eq | 5.4.0-r0 |
References
packetstormsecurity.com/files/170604/wolfSSL-Session-Resumption-Denial-Of-Service.html
seclists.org/fulldisclosure/2023/Jan/7
blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
github.com/tlspuffin/tlspuffin
github.com/wolfSSL/wolfssl/pull/5468
github.com/wolfSSL/wolfssl/releases
secdb.alpinelinux.org/edge/community.yaml
www.wolfssl.com/docs/security-vulnerabilities/
Related
debiancve
debiancve
CVE-2022-38152
2022-08-31 17:15:08
cve
cve
CVE-2022-38152
2022-08-31 17:15:08
prion
prion
Design/Logic Flaw
2022-08-31 17:15:00
cvelist
cvelist
CVE-2022-38152
2022-08-31 00:00:00
nvd
nvd
CVE-2022-38152
2022-08-31 17:15:08
ubuntucve
ubuntucve
CVE-2022-38152
2022-08-31 00:00:00
zdt
zdt
wolfSSL 5.5.0 Session Resumption Denial Of Service Vulnerability
2023-01-22 00:00:00
alpinelinux
alpinelinux
CVE-2022-38152
2022-08-31 17:15:08
osv
osv
CVE-2022-38152
2022-08-31 17:15:08