CVE-2022-42905

CVE-2022-42905

Name

CVE-2022-42905

Description

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://www.wolfssl.com/docs/security-vulnerabilities/
MISC	https://github.com/wolfSSL/wolfssl/releases
Release Notes	https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
Mailing List	http://seclists.org/fulldisclosure/2023/Jan/11
Third Party Advisory	http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
MISC	https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

Type

URI

MISC

https://www.wolfssl.com/docs/security-vulnerabilities/

MISC

https://github.com/wolfSSL/wolfssl/releases

Release Notes

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable

Mailing List

http://seclists.org/fulldisclosure/2023/Jan/11

Third Party Advisory

http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html

MISC

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:wolfssl:wolfssl::::::::`	wolfssl	>= None	< 5.5.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

wolfssl

>= None

< 5.5.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
wolfssl	edge-community	5.5.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
wolfssl	edge-community	5.5.1-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
wolfssl	edge-community	5.5.0-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
wolfssl	edge-community	5.4.0-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
wolfssl	3.22-community	5.5.3-r0	None	fixed
wolfssl	3.22-community	5.5.1-r0	None	possibly vulnerable
wolfssl	3.22-community	5.5.0-r0	None	possibly vulnerable
wolfssl	3.22-community	5.4.0-r0	None	possibly vulnerable
wolfssl	3.21-community	5.5.3-r0	None	fixed
wolfssl	3.20-community	5.5.3-r0	None	fixed
wolfssl	3.19-community	5.5.3-r0	None	fixed
wolfssl	3.18-community	5.5.3-r0	None	fixed
wolfssl	3.17-community	5.5.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed

Source package

Branch

Version

Maintainer

Status

wolfssl

edge-community

5.5.3-r0

Jakub Jirutka <jakub@jirutka.cz>

fixed

wolfssl

edge-community