Vulnerabilities in cryptographic libraries found through modern fuzzing

Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic protocols. CVE-2022-43974 and CVE-2022-42905 CVE-2022-43974 is a buffer overflow vulnerability found in MatrixSSL versions 4.5.1-4.0.0 that could allow information disclosure and remote code execution. It was discovered and reported by Robert Hörr and Alissar Ibrahim, security evaluators with Deutsche Telekom’s IT Security Evaluation … More →

The post …

buffer buffer overflow buffer overflow vulnerability code code execution cve deutsche telekom disclosure don't miss embedded environments fuzzing great information information disclosure matrixssl open source overflow protocols remote code remote code execution robert security security holes ssh ssl tls trail of bits uncover vulnerabilities vulnerability wolfssl