PT-2020-13122 · Wolfssl · Wolfssl
Lenny Wang
·
Published
2020-08-21
·
Updated
2021-07-21
·
CVE-2020-12457
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
wolfSSL versions prior to 4.5.0
Description
An issue in the TLS 1.3 change cipher spec (CCS) message processing logic can cause a denial of service. If an attacker sends ChangeCipherSpec messages in a specific way, involving more than one in a row, the server becomes stuck in the ProcessReply() loop.
Recommendations
For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting or disabling TLS 1.3 support until a patch is available.
Fix
Infinite Loop
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wolfssl