This security bulletin contains one medium risk vulnerability.
CWE-310 - Cryptographic Issues
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to incorrect implementation of TLS 1.3 protocol within the SanityCheckTls13MsgReceived() in tls13.c when processing server data in the WAIT_CERT_CR state. A remote attacker can perform a Man-in-the-Middle (MitM) attack and read or modify information passed between clients using the wolfSSL library and TLS servers.Mitigation
Install updates from vendor's website.Vulnerable software versions
wolfSSL: 4.0 - 4.4.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?