CVE-2017-13099

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 3.12.2

Description The issue provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated, allowing an attacker to recover the private key from a vulnerable application. This is referred to as "ROBOT."

Recommendations For versions prior to 3.12.2, update to version 3.12.2 or later to resolve the issue. As a temporary workaround, consider disabling RSA key exchange in TLS cipher suites until a patch is available. Restrict access to sensitive data handled by the wolfSSL application to minimize the risk of exploitation.