CVE-2022-38152Improper Check for Unusual or Exceptional Conditions in Wolfssl

CWE-754Improper Check for Unusual or Exceptional Conditions6 documents5 sources
Severity
7.5HIGHNVD
EPSS
2.7%
top 14.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WolfsslDebian Wolfssl
Timeline
PublishedAug 31
Latest updateJan 12

Description

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/wolfssl< wolfssl 5.5.3-1 (bookworm)
NVDwolfssl/wolfssl< 5.5.0
Debianwolfssl/wolfssl< 5.5.3-1+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-g986-42m5-mxwm: An issue was discovered in wolfSSL before 52022-09-01
OSV
CVE-2022-38152: An issue was discovered in wolfSSL before 52022-08-31

📋Vendor Advisories

1
Debian
CVE-2022-38152: wolfssl - An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects ...2022

🕵️Threat Intelligence

2
Trailofbits
Keeping the wolves out of wolfSSL2023-01-12
Trailofbits
Keeping the wolves out of wolfSSL2023-01-12
CVE-2022-38152 — Wolfssl vulnerability | cvebase