#VU59103 Resource management error


Published: 2021-12-29

Vulnerability identifier: #VU59103

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
wolfSSL
Universal components / Libraries / Libraries used by multiple products

Vendor: wolfSSL

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to a client side session resumption issue in wolfSSL, when the session resumption cache has been filled up. A remote attacker can hijack session resumption and perform MitM attack against a wolfSSL client or a proxy server that is using wolfSSL to verifying peers.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

wolfSSL: 4.0 - 5.0.0


CPE

External links
http://github.com/wolfSSL/wolfssl/releases/tag/v5.1.0-stable


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability