Multiple vulnerabilities in wolfSSL
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2023-6935 CVE-2023-6936 CVE-2023-6937 |
| CWE-ID | CWE-327 CWE-125 CWE-310 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
wolfSSL Universal components / Libraries / Libraries used by multiple products |
| Vendor | wolfSSL |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU84839
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6935
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incomplete fix for #VU84838. A remote attacker can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionswolfSSL: 5.0.0 - 5.6.4
External linkshttp://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable
http://github.com/wolfSSL/wolfssl/pull/6955
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU84840
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6936
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing a malformed ClientHello message in servers connecting over TLS 1.3 when the optional WOLFSSL_CALLBACKS has been defined. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionswolfSSL: 5.0.0 - 5.6.4
External linkshttp://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable
http://github.com/wolfSSL/wolfssl/pull/6949
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cryptographic issues
EUVDB-ID: #VU84841
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6937
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to wolfSSL does not check that messages in a single (D)TLS record do not span key boundaries. As a result, it is possible to combine (D)TLS messages using different keys into one (D)TLS record and force the client to accept an unencrypted flight from the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionswolfSSL: 5.0.0 - 5.6.4
External linkshttp://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable
http://github.com/wolfSSL/wolfssl/pull/7029
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cryptographic issues
EUVDB-ID: #VU84842
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the "--enable-aes-bitsliced" configure option.
Install updates from vendor's website.
Vulnerable software versionswolfSSL: 5.0.0 - 5.6.4
External linkshttp://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable
http://github.com/wolfSSL/wolfssl/pull/6854
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
