CVE-2020-24613

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 4.5.0

Description The issue is related to an incorrect implementation of the TLS 1.3 client state machine in the wolfSSL library. This allows attackers in a privileged network position to impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.

Recommendations For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of TLS 1.3 until a patch is available.