Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-24613 |
CWE-ID | CWE-310 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
wolfSSL Universal components / Libraries / Libraries used by multiple products |
Vendor | wolfSSL |
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU46079
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-24613
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to incorrect implementation of TLS 1.3 protocol within the SanityCheckTls13MsgReceived() in tls13.c when processing server data in the WAIT_CERT_CR state. A remote attacker can perform a Man-in-the-Middle (MitM) attack and read or modify information passed between clients using the wolfSSL library and TLS servers.
MitigationInstall updates from vendor's website.
Vulnerable software versionswolfSSL: 4.0 - 4.4.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?