CVE-2018-16870 — Sensitive Information Exposure in Wolfssl

CWE-200 — Sensitive Information Exposure CWE-3104 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 59.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl

Timeline

PublishedJan 3

Latest updateMay 13

Description

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/wolfssl< wolfssl 4.1.0+dfsg-1 (bookworm)

▶NVDwolfssl/wolfssl< 3.15.7

▶Debianwolfssl/wolfssl< 4.1.0+dfsg-1+3

▶CVEListV5wolfssl/wolfsslbefore 3.15.7

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-ch8h-fr7v-29p6: It was found that wolfssl before 3↗2022-05-13

▶

OSV

CVE-2018-16870: It was found that wolfssl before 3↗2019-01-03

▶

📋Vendor Advisories

Debian

CVE-2018-16870: wolfssl - It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bl...↗2018

▶