An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.
References
Link | Resource |
---|---|
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable | Third Party Advisory |
https://github.com/wolfSSL/wolfssl/pull/2927 | Patch Third Party Advisory |
Configurations
Information
Published : 2020-08-21 07:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-12457
Mitre link : CVE-2020-12457
JSON object : View
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Products Affected
wolfssl
- wolfssl