mirror/openwrt
1
0
Fork 0
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2024-10-19 14:08:17 +02:00
Code Issues
a596a8396b
openwrt/package/libs/wolfssl
History
Petr Štetiar a596a8396b wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release 
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:36:19 +02:00
..
patches wolfssl: bump to 5.5.0 2022-09-02 21:56:25 +02:00
Config.in wolfssl: prefer regular libwolfssl over cpu-crypto 2022-09-25 15:19:10 +02:00
Makefile wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release 2022-09-29 07:36:19 +02:00
preinst.arm-ce wolfssl: prefer regular libwolfssl over cpu-crypto 2022-09-25 15:19:10 +02:00