Denial of Service Vulnerability in wolfSSL by wolfSSL
CVE-2022-34293

7.5HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 8 August 2022

Summary

The wolfSSL library, prior to version 5.4.0, has a vulnerability that permits remote attackers to trigger a denial of service condition via a specific manipulation of DTLS (Datagram Transport Layer Security). This occurs when the server incorrectly skips a crucial step involving return-routability checks, potentially leading to service disruption and unavailability.

References

https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-st...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/08/08/6

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2022
Vulnerability Reserved
Jun 22, 2022