FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wolfssl -- multiple issues

Affected packages
wolfssl < 5.4.0

Details

VuXML ID 9b9a5f6e-1755-11ed-adef-589cfc01894a
Discovery 2022-07-11
Entry 2022-08-08

wolfSSL blog reports:

In release 5.4.0 there were 3 vulnerabilities listed as fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS 1.0/1.2 denial of service attack and the other a ciphertext attack on ECC/DH operations. The last vulnerability listed was a public disclosure of a previous attack on AMD devices fixed since wolfSSL version 5.1.0. Coordination of the disclosure of the attack was done responsibly, in cooperation with the researchers, waiting for the public release of the attack details since it affects multiple security libraries.

References

CVE Name CVE-2020-12966
CVE Name CVE-2021-46744
CVE Name CVE-2022-34293
URL https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
URL https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013
URL https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033