CVE-2022-42905

Published: 2022-11-07 00:00:00
Source: ubuntu.com (Ubuntu CVE tracker, UB:CVE-2022-42905)

Tags: wolfssl, buffer over-read, heap, callback functions, tls 1.3, unix

CVSS3: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

EPSS: 0.003 (Percentile: 68.0%)

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), a malicious TLS 1.3 client or network attacker can trigger a 5-byte heap buffer over-read. (WOLFSSL_CALLBACKS is only intended for debugging.)
