all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

wolfSSL Session Resumption Denial Of Service

Add to bookmarks
Jan. 20, 2023, 3:27 p.m. |

Packet Storm packetstormsecurity.com

wolfSSL versions prior to 5.5.0 suffer from a denial of service condition related to session resumption. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. The bug occurs after a client performs a handshake against a wolfSSL server and then closes the connection. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello, which …

bug called client crashes denial of service handshake segmentation server service session ssl tls tls 1.3 wolfssl

Visit resource

More from packetstormsecurity.com / Packet Storm

Debian Security Advisory 5676-1 1 day, 1 hour ago | packetstormsecurity.com
advisory arbitrary code chromium code +13
Ubuntu Security Notice USN-6747-2 1 day, 1 hour ago | packetstormsecurity.com
attacker denial of service domains exploit +16
htmlLawed 1.2.5 Remote Command Execution 1 day, 1 hour ago | packetstormsecurity.com
command concept exploit proof +1
Red Hat Security Advisory 2024-2651-03 1 day, 1 hour ago | packetstormsecurity.com
advisory denial of service enterprise linux +7
Red Hat Security Advisory 2024-2645-03 1 day, 1 hour ago | packetstormsecurity.com
advisory enterprise linux red hat +5
1,400 GitLab Servers Impacted By Exploited Vulnerability 1 day, 1 hour ago | packetstormsecurity.com
data loss exploited flaw gitlab +3
Hackers Compromised Dropbox eSignature Service 1 day, 1 hour ago | packetstormsecurity.com
compromised dropbox flaw hacker +2
Hacker Free-For-All Fights For Control Of Home And Office Routers Everywhere 1 day, 1 hour ago | packetstormsecurity.com
botnet control email free +6
REvil Ransomware Scum Gets 14 Years, $16 Million Fine 1 day, 1 hour ago | packetstormsecurity.com
cryptography cybercrime fraud hacker +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote
View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US
View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA
View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco
View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com
View more jobs