Source: wolfssl Version: 4.4.0+dfsg-7 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for wolfssl. CVE-2020-12457[0]: | An issue was discovered in wolfSSL before 4.5.0. It mishandles the | change_cipher_spec (CCS) message processing logic for TLS 1.3. If an | attacker sends ChangeCipherSpec messages in a crafted way involving | more than one in a row, the server becomes stuck in the ProcessReply() | loop, i.e., a denial of service. CVE-2020-15309[1]: | An issue was discovered in wolfSSL before 4.5.0, when single precision | is not employed. Local attackers can conduct a cache-timing attack | against public key operations. These attackers may already have | obtained sensitive information if the affected system has been used | for private key operations (e.g., signing with a private key). CVE-2020-24585[2]: | An issue was discovered in the DTLS handshake implementation in | wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 | do not produce an out-of-order error. Instead, these messages are | returned to the application. CVE-2020-24613[3]: | wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the | WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. | This is an incorrect implementation of the TLS 1.3 client state | machine. This allows attackers in a privileged network position to | completely impersonate any TLS 1.3 servers, and read or modify | potentially sensitive information between clients using the wolfSSL | library and these TLS servers. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-12457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12457 [1] https://security-tracker.debian.org/tracker/CVE-2020-15309 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15309 [2] https://security-tracker.debian.org/tracker/CVE-2020-24585 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24585 [3] https://security-tracker.debian.org/tracker/CVE-2020-24613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24613 Regards, Salvatore
