Multiple vulnerabilities in wolfSSL



Published: 2020-08-24
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2020-12457
CVE-2020-15309
CVE-2020-24585
CWE-ID CWE-835
CWE-310
CWE-399
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
wolfSSL
Universal components / Libraries / Libraries used by multiple products

Vendor wolfSSL

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU45989

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12457

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper change_cipher_spec (CCS) message processing logic for TLS 1.3. A remote attacker can send ChangeCipherSpec messages in a crafted way involving more than one in a row and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

wolfSSL: 4.0 - 4.4.0


CPE2.3 External links

http://github.com/wolfSSL/wolfssl/pull/2927
http://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cryptographic issues

EUVDB-ID: #VU45988

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15309

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in wolfSSL when single precision is not employed. A local user can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

wolfSSL: 4.0 - 4.4.0


CPE2.3 External links

http://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU45987

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24585

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources with the application within the DTLS handshake implementation in wolfSSL. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

wolfSSL: 4.0 - 4.4.0


CPE2.3 External links

http://github.com/wolfSSL/wolfssl/pull/3219
http://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###