all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

wolfSSL 5.3.0 Denial Of Service

Add to bookmarks
Jan. 20, 2023, 3:29 p.m. |

Packet Storm packetstormsecurity.com

In wolfSSL version 5.3.0, man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (above 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer which points to non-allocated memory, causing the client to crash with a “free(): invalid pointer”. Note: It is likely that this is also exploitable in TLS 1.3 handshakes between …

attackers cache client clients crash denial of service free handshake large malicious man-in-the-middle memory message non server service session tls tls 1.2 version wolfssl

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6750-1 10 hours ago | packetstormsecurity.com
arbitrary code attacker browsing bypass +19
Ubuntu Security Notice USN-6743-3 10 hours ago | packetstormsecurity.com
attacker compromise kernel linux +8
Ubuntu Security Notice USN-6657-2 10 hours ago | packetstormsecurity.com
attacker dnsmasq dnssec issue +12
Ubuntu Security Notice USN-6749-1 10 hours ago | packetstormsecurity.com
arbitrary code attacker code context +11
Red Hat Security Advisory 2024-2060-03 10 hours ago | packetstormsecurity.com
advisory bugs denial of service fix +12
Red Hat Security Advisory 2024-2055-03 10 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +4
Red Hat Security Advisory 2024-2045-03 10 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2044-03 10 hours ago | packetstormsecurity.com
advisory enterprise gnutls information +8
Red Hat Security Advisory 2024-2042-03 10 hours ago | packetstormsecurity.com
advanced advisory critical critical update +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Manager, Security Compliance (Customer Trust)

@ Box | Tokyo
View on infosec-jobs.com

Cyber Security Engineering Specialist

@ SITEC Consulting | St. Louis, MO, USA 63101
View on infosec-jobs.com

Technical Security Analyst

@ Spire Healthcare | United Kingdom
View on infosec-jobs.com

Embedded Threat Intelligence Team Account Manager

@ Sibylline Ltd | Austin, Texas, United States
View on infosec-jobs.com

Bank Protection Security Officer

@ Allied Universal | Portland, OR, United States
View on infosec-jobs.com
View more jobs