This security bulletin contains one medium risk vulnerability.
CWE-119 - Memory corruption
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing TLS 1.3 protocol requests with session tickets. A remote attacker can send a specially crafted ClientHello packet to the affected server, trigger a buffer overflow and perform a denial of service (DoS) attack.
Install updates from vendor's website.Vulnerable software versions
wolfSSL: 5.0.0 - 5.5.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?