CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N/AU:Y/U:Green/V:D/RE:M
AI Score
Confidence
Low
EPSS
Percentile
9.5%
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | wolfssl | = 5.7.2-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | wolfssl | = 5.7.2-r0 | UNKNOWN |