wolfSSL before 5.5.0: Denial-of-service with session resumption

Read Time:23 Second

Posted by Maximilian Ammann via Fulldisclosure on Jan 19

# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================

## INFO
=======

The CVE project has assigned the id CVE-2022-38152 to this issue.

Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022

## SUMMARY
==========

When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on
its session, the server crashes with a…

stb-0-0.50.20241002git31707d1.el8

FEDORA-EPEL-2025-f5725d94b3 Packages in this update: stb-0-0.50.20241002git31707d1.el8 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 11, 2025

USN-7169-5: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

January 10, 2025

stb-0^20241002git31707d1-4.el9

FEDORA-EPEL-2025-75d8605b8c Packages in this update: stb-0^20241002git31707d1-4.el9 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 10, 2025

stb-0^20241002git31707d1-5.el10_0

FEDORA-EPEL-2025-93a1152ae1 Packages in this update: stb-0^20241002git31707d1-5.el10_0 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 10, 2025

stb-0^20241002git31707d1-4.fc40

FEDORA-2025-49e8952aab Packages in this update: stb-0^20241002git31707d1-4.fc40 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 10, 2025

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit...

January 10, 2025

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

wolfSSL before 5.5.0: Denial-of-service with session resumption

stb-0-0.50.20241002git31707d1.el8

USN-7169-5: Linux kernel (Real-time) vulnerabilities

stb-0^20241002git31707d1-4.el9

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability