CVE-2023-6937 — Vulnetix

CVE-2023-6937 PUBLISHED CVSS 5.300000190734863 MEDIUM

wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.

EPSS 0.44% · 63.5th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.44%

63.5th percentile

Affected Products

Vendor	Product	Versions
wolfssl	wolfssl	0, 0
wolfssl	wolfssl	0, 0, 0
wolfSSL	wolfSSL	0, 0

Timeline

Jan 20, 1970 Fix PR Merged
Feb 15, 2024 CVE Published
Feb 15, 2024 PoC Published
Feb 16, 2024 EPSS Score
Mar 14, 2024 EPSS Score
Apr 10, 2024 EPSS Score
May 7, 2024 EPSS Score
Jun 3, 2024 EPSS Score
Jun 30, 2024 EPSS Score
Jul 27, 2024 EPSS Score
Aug 23, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score

References

https://github.com/wolfSSL/wolfssl/pull/7029 patch
https://www.wolfssl.com/docs/security-vulnerabilities/ vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-6937 advisory
https://www.wolfssl.com/docs/security-vulnerabilities url

Open in Interactive Console →