Multiple vulnerabilities in wolfSSL
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Infinite loop
EUVDB-ID: #VU45989
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-12457
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The
vulnerability exists due to improper change_cipher_spec (CCS) message
processing logic for TLS 1.3. A remote attacker can send
ChangeCipherSpec messages in a crafted way involving more than one in a
row and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionswolfSSL: 4.0 - 4.4.0
CPE2.3- cpe:2.3:a:wolfssl:wolfssl:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:4.1.0:*:*:*:*:*:*:*
https://github.com/wolfSSL/wolfssl/pull/2927
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cryptographic issues
EUVDB-ID: #VU45988
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-15309
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in wolfSSL when single precision is not employed. A local user can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).
MitigationInstall updates from vendor's website.
Vulnerable software versionswolfSSL: 4.0 - 4.4.0
CPE2.3- cpe:2.3:a:wolfssl:wolfssl:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:4.1.0:*:*:*:*:*:*:*
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU45987
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24585
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources with the application within the DTLS handshake implementation in wolfSSL. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionswolfSSL: 4.0 - 4.4.0
CPE2.3- cpe:2.3:a:wolfssl:wolfssl:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:4.1.0:*:*:*:*:*:*:*
https://github.com/wolfSSL/wolfssl/pull/3219
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
