Multiple vulnerabilities in wolfSSL
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-12457 CVE-2020-15309 CVE-2020-24585 |
| CWE-ID | CWE-835 CWE-310 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
wolfSSL Universal components / Libraries / Libraries used by multiple products |
| Vendor | wolfSSL |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Infinite loop
EUVDB-ID: #VU45989
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12457
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The
vulnerability exists due to improper change_cipher_spec (CCS) message
processing logic for TLS 1.3. A remote attacker can send
ChangeCipherSpec messages in a crafted way involving more than one in a
row and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionswolfSSL: 4.0 - 4.4.0
CPE2.3
- cpe:2.3:a:wolfssl:wolfssl:4.4.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://github.com/wolfSSL/wolfssl/pull/2927
http://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cryptographic issues
EUVDB-ID: #VU45988
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-15309
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in wolfSSL when single precision is not employed. A local user can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).
MitigationInstall updates from vendor's website.
Vulnerable software versionswolfSSL: 4.0 - 4.4.0
CPE2.3
- cpe:2.3:a:wolfssl:wolfssl:4.4.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU45987
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24585
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources with the application within the DTLS handshake implementation in wolfSSL. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionswolfSSL: 4.0 - 4.4.0
CPE2.3
- cpe:2.3:a:wolfssl:wolfssl:4.4.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://github.com/wolfSSL/wolfssl/pull/3219
http://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
