CVE-2021-44718 — Infinite Loop in Wolfssl

CWE-835 — Infinite Loop4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 57.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl

Timeline

PublishedSep 2

Latest updateSep 3

Description

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wolfssl< wolfssl 5.1.1-1 (bookworm)

▶Debianwolfssl/wolfssl< 4.6.0+p1-0+deb11u1+3

▶NVDwolfssl/wolfssl5.0.0

🔴Vulnerability Details

GHSA

GHSA-9m99-gmcj-9g66: wolfSSL through 5↗2022-09-03

▶

OSV

CVE-2021-44718: wolfSSL through 5↗2022-09-02

▶

📋Vendor Advisories

Debian

CVE-2021-44718: wolfssl - wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infini...↗2021

▶