Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Wolfssl 代码问题漏洞
Vulnerability Description
Wolfssl(CyaSSL)是美国Wolfssl公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 Wolfssl 5.5.0之前版本存在安全漏洞,该漏洞源于当TLS 1.3客户端连接到wolfSSL服务器并在其会话中调用SSL_clear时,服务器会因分段错误而崩溃,这发生在第二个会话中,该会话通过TLS会话恢复创建并重用初始结构WOLFSSL,如果服务器通过调用wolfSSL_clear(WOLFSSL* ssl)重用之前的会话结构,则下一个接收到的Client Hello会使
CVSS Information
N/A
Vulnerability Type
N/A