Denial of Service Vulnerability in wolfSSL Client Component
CVE-2021-44718

5.9MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 2 September 2022

Summary

The vulnerability in wolfSSL allows an attacker to exploit the client component by sending specially crafted traffic, leading to a denial of service scenario. This occurs when the client module mistakenly processes TLS messages intended for servers, potentially enabling an infinite loop condition. Attackers in a Machine-in-the-Middle (MITM) position can leverage this flaw to disrupt services, making it essential for users of wolfSSL to review their implementations and apply available updates.

References

https://www.wolfssl.com/docs/security-vulnerabilities/

x_refsource_MISC

https://github.com/wolfSSL/wolfssl/releases

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2022
Vulnerability Reserved
Dec 7, 2021