Main Vulnerability Database Vulnerabilities #VU59102

#VU59102 Input validation error in wolfSSL

Published: December 29, 2021

Vulnerability identifier: #VU59102

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
wolfSSL

Software vendor:
wolfSSL

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to processing hello packets of the incorrect side in wolfSSL client. A remote attacker with ability to perform MitM attack can cause denial of service. this affects connections using TLS v1.2 or lesser protocol.

Remediation

Install updates from vendor's website.

External links

https://github.com/wolfSSL/wolfssl/releases/tag/v5.1.0-stable

#VU59102 Input validation error in wolfSSL

Description

Remediation

External links

Please verify you're human