CVE-2022-42905 - Vulnerability Details - OpenCVE

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wolfssl	Wolfssl

Configuration 1 [-]

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
http://seclists.org/fulldisclosure/2023/Jan/11
https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
https://github.com/wolfSSL/wolfssl/releases
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
https://www.wolfssl.com/docs/security-vulnerabilities/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-06T00:00:00

Updated: 2024-08-03T13:19:05.343Z

Reserved: 2022-10-13T00:00:00

Link: CVE-2022-42905

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-07T00:15:09.643

Modified: 2024-11-21T07:25:34.620

Link: CVE-2022-42905

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42905", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T13:19:05.343Z", "dateReserved": "2022-10-13T00:00:00", "datePublished": "2022-11-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-02-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"url": "https://github.com/wolfSSL/wolfssl/releases"}, {"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"}, {"name": "20230119 wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html"}, {"url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.343Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/releases", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable", "tags": ["x_transferred"]}, {"name": "20230119 wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html", "tags": ["x_transferred"]}, {"url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "378BE977-D58E-42F4-BE1F-E4C184971F4A", "versionEndExcluding": "5.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)"}, {"lang": "es", "value": "En wolfSSL anterior a 5.5.2, si las funciones callback est\u00e1n habilitadas (a trav\u00e9s del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS 1.3 malicioso o un atacante de red puede desencadenar una sobrelectura del b\u00fafer de memoria de 5 bytes. (WOLFSSL_CALLBACKS solo est\u00e1 destinado a la depuraci\u00f3n)."}], "id": "CVE-2022-42905", "lastModified": "2024-11-21T07:25:34.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-07T00:15:09.643", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"source": "cve@mitre.org", "url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}