wolfSSL · wolfSSL · CVE-2022-42905
**Name of the Vulnerable Software and Affected Versions**
wolfSSL versions prior to 5.5.2
**Description**
wolfSSL before 5.5.2 contains a heap buffer over-read of 5 bytes that a malicious TLS 1.3 client, or an attacker on the network path, can trigger. The bug is only reachable when the library was built with callback functions enabled via the `WOLFSSL_CALLBACKS` compile-time define; that define exists for debugging and is not meant for production builds, so builds that do not set it are not exposed. Where it is set, the over-read can leak a few bytes of adjacent heap memory (information disclosure) or crash the process (denial of service).
**Recommendations**
`WOLFSSL_CALLBACKS` is a build-time define, not a runtime setting. Check whether your build sets it (for autotools builds it appears as a `#define` in the installed `wolfssl/options.h`; for builds configured through `user_settings.h`, look in that file). If a version before 5.5.2 must stay in service, rebuild without `WOLFSSL_CALLBACKS` as a temporary workaround; the flag is intended for debugging only and should not be present in production builds anyway. Update to wolfSSL 5.5.2 or later to fully resolve the issue.
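The two conditions above (library version before 5.5.2 and `WOLFSSL_CALLBACKS` defined) are what a fleet check needs to test. The script below is an added example, not code from the wolfSSL project: it reads the `LIBWOLFSSL_VERSION_STRING` define from `wolfssl/version.h` and looks for `#define WOLFSSL_CALLBACKS` in `wolfssl/options.h` (or `user_settings.h`), which is the layout an autotools build installs. The function names (`version_lt`, `cve_2022_42905_affected`, and so on) and the sample header files it writes are constructed for the demo, not taken from a real installation.

```shell
#!/bin/sh
# Added example, not wolfSSL project code. Decides whether a wolfSSL build is in
# the CVE-2022-42905 window: version < 5.5.2 AND WOLFSSL_CALLBACKS defined.
# Inputs are the installed wolfssl/version.h (LIBWOLFSSL_VERSION_STRING) and
# wolfssl/options.h; point the second argument at user_settings.h for builds
# that configure wolfSSL that way.

# version_lt A B: true (0) when dotted version A sorts before B.
# Missing components count as 0; only the first three components are compared.
version_lt() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    a1=${a1:-0}; a2=${a2:-0}; a3=${a3:-0}; a3=${a3%%.*}
    b1=${b1:-0}; b2=${b2:-0}; b3=${b3:-0}; b3=${b3%%.*}
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# wolfssl_version FILE: print the value of LIBWOLFSSL_VERSION_STRING from version.h.
wolfssl_version() {
    sed -n 's/^#define[[:space:]]*LIBWOLFSSL_VERSION_STRING[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# callbacks_enabled FILE: true when the options/user_settings header defines WOLFSSL_CALLBACKS.
# The "#undef WOLFSSL_CALLBACKS" line that options.h emits before each define is ignored.
callbacks_enabled() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+WOLFSSL_CALLBACKS([[:space:]]|$)' "$1"
}

# cve_2022_42905_affected VERSION_H OPTIONS_H: 0 = affected, 1 = not affected, 2 = cannot tell.
cve_2022_42905_affected() {
    v=$(wolfssl_version "$1")
    if [ -z "$v" ]; then
        echo "cannot read LIBWOLFSSL_VERSION_STRING from $1" >&2
        return 2
    fi
    if version_lt "$v" 5.5.2 && callbacks_enabled "$2"; then
        echo "wolfSSL $v built with WOLFSSL_CALLBACKS: AFFECTED by CVE-2022-42905"
        return 0
    fi
    echo "wolfSSL $v, WOLFSSL_CALLBACKS $(callbacks_enabled "$2" && echo on || echo off): not exposed"
    return 1
}

# Constructed sample headers for the demo (not copied from a real install).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '#define LIBWOLFSSL_VERSION_STRING "5.5.1"\n' > "$demo/version_5.5.1.h"
printf '#define LIBWOLFSSL_VERSION_STRING "5.5.2"\n' > "$demo/version_5.5.2.h"
printf '#undef  WOLFSSL_CALLBACKS\n#define WOLFSSL_CALLBACKS\n' > "$demo/options_debug.h"
printf '#undef  WOLFSSL_CALLBACKS\n' > "$demo/options_prod.h"

cve_2022_42905_affected "$demo/version_5.5.1.h" "$demo/options_debug.h"  # affected
cve_2022_42905_affected "$demo/version_5.5.1.h" "$demo/options_prod.h"   # not exposed
cve_2022_42905_affected "$demo/version_5.5.2.h" "$demo/options_debug.h"  # not exposed
```

On a real host, run it as `cve_2022_42905_affected /usr/local/include/wolfssl/version.h /usr/local/include/wolfssl/options.h` (adjust the prefix to where wolfSSL was installed). A build whose headers carry no `WOLFSSL_CALLBACKS` is not exposed to this CVE, but anything before 5.5.2 should still be upgraded.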