Read Time:23 Second
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL before 5.5.0: Denial-of-service with session resumption
=================================================================
## INFO
=======
The CVE project has assigned the id CVE-2022-38152 to this issue.
Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30, 2022
## SUMMARY
==========
When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on
its session, the server crashes with a…