Woohyun Choi

Name of the Vulnerable Software and Affected Versions wolfSSL (affected versions not specified) Description A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. The interior padding bytes are not validated. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs. Recommendations Update to version 2.3 or later.

**Name of the Vulnerable Software and Affected Versions** wolfSSL versions (affected versions not specified) **Description** A stack buffer overflow exists in wolfSSL's PKCS7 implementation within the `wc PKCS7 DecryptOri()` function located in wolfcrypt/src/pkcs7.c. The issue occurs when processing a CMS EnvelopedData message with an OtherRecipientInfo (ORI) recipient. The function uses `XMEMCPY` to copy an ASN.1-parsed OID into a fixed 32-byte stack buffer (`oriOID[MAX OID SZ]`) without validating the length of the OID. A crafted CMS EnvelopedData message containing an OID longer than 32 bytes triggers the overflow. Exploitation requires the library to be built with `--enable-pkcs7` and an ORI decrypt callback registered via `wc PKCS7 SetOriDecryptCb()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.