{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6937", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2023-12-18T22:03:02.400Z", "datePublished": "2024-02-15T17:21:44.342Z", "dateUpdated": "2024-08-02T08:42:08.518Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["(D)TLS"], "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "versions": [{"lessThanOrEqual": "5.6.4", "status": "affected", "version": "0", "versionType": "release bundle"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Johannes Wilson from Sectra Communications and Link\u00f6ping University"}], "datePublic": "2023-12-20T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating."}], "value": "wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating."}], "impacts": [{"capecId": "CAPEC-272", "descriptions": [{"lang": "en", "value": "CAPEC-272 Protocol Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-15T17:21:44.342Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/7029"}, {"tags": ["vendor-advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: transparent;\">The fix for this issue is located in the following GitHub Pull Request: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssl/pull/7029\"><span style=\"background-color: transparent;\">https://github.com/wolfSSL/wolfssl/pull/7029</span></a><span style=\"background-color: transparent;\">.</span></p>"}], "value": "The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029 https://github.com/wolfSSL/wolfssl/pull/7029 .\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Improper (D)TLS key boundary enforcement", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "wolfssl", "product": "wolfssl", "cpes": ["cpe:2.3:a:wolfssl:wolfssl:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.64", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-15T19:21:03.085350Z", "id": "CVE-2023-6937", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:39:57.008Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.518Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/wolfSSL/wolfssl/pull/7029"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/7029", "tags": ["patch", "x_transferred"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.518Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-15T19:21:03.085350Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wolfssl:wolfssl:-:*:*:*:*:*:*:*"], "vendor": "wolfssl", "product": "wolfssl", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.64"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:39:52.402Z"}}], "cna": {"title": "Improper (D)TLS key boundary enforcement", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Johannes Wilson from Sectra Communications and Link\u00f6ping University"}], "impacts": [{"capecId": "CAPEC-272", "descriptions": [{"lang": "en", "value": "CAPEC-272 Protocol Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "modules": ["(D)TLS"], "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "versionType": "release bundle", "lessThanOrEqual": "5.6.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029 https://github.com/wolfSSL/wolfssl/pull/7029 .\n\n", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: transparent;\">The fix for this issue is located in the following GitHub Pull Request: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssl/pull/7029\"><span style=\"background-color: transparent;\">https://github.com/wolfSSL/wolfssl/pull/7029</span></a><span style=\"background-color: transparent;\">.</span></p>", "base64": false}]}], "datePublic": "2023-12-20T00:00:00.000Z", "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/7029", "tags": ["patch"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.", "supportingMedia": [{"type": "text/html", "value": "wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-02-15T17:21:44.342Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6937", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:42:08.518Z", "dateReserved": "2023-12-18T22:03:02.400Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2024-02-15T17:21:44.342Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "57DCDF61-F982-41D7-83BE-DDAEC85A797A", "versionEndExcluding": "5.6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating."}, {"lang": "es", "value": "wolfSSL anterior a 5.6.6 no verificaba que los mensajes en un registro (D)TLS no abarquen l\u00edmites clave. Como resultado, fue posible combinar mensajes (D)TLS usando diferentes claves en un registro (D)TLS. El caso m\u00e1s extremo es que, en (D)TLS 1.3, era posible que un registro (D)TLS 1.3 no cifrado del servidor que contuviera primero un mensaje ServerHello y luego el resto del primer vuelo del servidor fuera aceptado por un wolfSSL. cliente. En (D)TLS 1.3, el protocolo de enlace se cifra despu\u00e9s de ServerHello, pero un cliente wolfSSL aceptar\u00eda un vuelo sin cifrar desde el servidor. Esto no compromete la negociaci\u00f3n y autenticaci\u00f3n de claves, por lo que se le asigna una calificaci\u00f3n de gravedad baja."}], "id": "CVE-2023-6937", "lastModified": "2025-02-21T15:03:59.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "facts@wolfssl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-15T18:15:44.890", "references": [{"source": "facts@wolfssl.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/7029"}, {"source": "facts@wolfssl.com", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/7029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "facts@wolfssl.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}