Source: wolfssl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for wolfssl.

CVE-2023-3724[0]:
| If a TLS 1.3 client gets neither a PSK (pre shared key) extension
| nor a KSE (key share extension) when connecting to a malicious
| server, a default predictable buffer gets used for the IKM (Input
| Keying Material) value when generating the session master secret.
| Using a potentially known IKM value when generating the session
| master secret key compromises the key generated, allowing an
| eavesdropper to reconstruct it and potentially allowing access to or
| meddling with message contents in the session. This issue does not
| affect client validation of connected servers, nor expose private
| key information, but could result in an insecure TLS 1.3 session
| when not controlling both sides of the connection. wolfSSL
| recommends that TLS 1.3 client side users update the version of
| wolfSSL used.

https://github.com/wolfSSL/wolfssl/pull/6412
https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa (v5.6.2-stable)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3724
    https://www.cve.org/CVERecord?id=CVE-2023-3724

Please adjust the affected versions in the BTS as needed.
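The defensive rule behind the fix described above is that a TLS 1.3 client must refuse to continue the key schedule when the ServerHello carries neither a key_share nor a pre_shared_key extension. The following is an added illustration (not wolfSSL's code and not from the bug report): a minimal ServerHello extension parser plus that check, run against two constructed ServerHello bodies; the function names and sample bytes are mine.

```python
import struct

# TLS 1.3 extension types (RFC 8446, section 4.2).
EXT_PRE_SHARED_KEY = 0x0029
EXT_SUPPORTED_VERSIONS = 0x002B
EXT_KEY_SHARE = 0x0033


def parse_server_hello_extensions(body: bytes) -> dict:
    """Parse the extensions block of a ServerHello handshake body.

    body layout (after the 4-byte handshake header): legacy_version(2),
    random(32), legacy_session_id<0..32>, cipher_suite(2),
    legacy_compression_method(1), extensions<6..2^16-1>.
    Returns {extension_type: extension_data}.
    """
    off = 2 + 32
    sid_len = body[off]
    off += 1 + sid_len
    off += 2  # cipher_suite
    off += 1  # legacy_compression_method
    (ext_total,) = struct.unpack_from("!H", body, off)
    off += 2
    end = off + ext_total
    if end != len(body):
        raise ValueError("extensions length does not match message body")
    exts = {}
    while off < end:
        ext_type, ext_len = struct.unpack_from("!HH", body, off)
        off += 4
        exts[ext_type] = body[off:off + ext_len]
        off += ext_len
    return exts


def server_hello_has_key_material(body: bytes) -> bool:
    """The check the client must make: without key_share or pre_shared_key
    there is no fresh IKM, so the handshake must be aborted, never continued
    with a default buffer."""
    exts = parse_server_hello_extensions(body)
    return EXT_KEY_SHARE in exts or EXT_PRE_SHARED_KEY in exts


def _ext(ext_type: int, data: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(data)) + data


def build_server_hello(extensions: bytes) -> bytes:
    """Constructed ServerHello body (not a real capture): empty session id,
    TLS_AES_128_GCM_SHA256, null compression, then the given extensions."""
    return (b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
            + struct.pack("!H", len(extensions)) + extensions)


# Constructed samples: one with an x25519 key_share, one with neither
# key_share nor pre_shared_key (the case this CVE is about).
GOOD = build_server_hello(_ext(EXT_SUPPORTED_VERSIONS, b"\x03\x04")
                          + _ext(EXT_KEY_SHARE, b"\x00\x1d\x00\x20" + bytes(32)))
BAD = build_server_hello(_ext(EXT_SUPPORTED_VERSIONS, b"\x03\x04"))
```

A client implementing this check aborts on BAD before any secret derivation, which is the behaviour the referenced fix restores.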