wolfSSL Buffer Overflow

Discussion in 'News Aggregator' started by Packet Storm, 1 Nov 2022.

  1. Packet Storm

    Packet Storm Guest

    In wolfSSL versions prior to 5.5.1, malicious clients can cause a buffer overflow during a resumed TLS 1.3 handshake. If an attacker resumes a previous TLS session by sending a maliciously crafted Client Hello, followed by another maliciously crafted Client Hello. In total 2 Client Hellos have to be sent. One which pretends to resume a previous session and a second one as a response to a Hello Retry Request message.

    Continue reading...
     
    #1 Packet Storm, 1 Nov 2022
(You must log in or sign up to post here.)

Share This Page

Loading...