Read Time:21 Second
Posted by Maximilian Ammann via Fulldisclosure on Jan 19
# wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
====================================================================
## INFO
=======
The CVE project has assigned the id CVE-2022-42905 to this issue.
Severity: 9.1 CRITICAL
Affected version: before 5.5.2
End of embargo: Ended October 28, 2022
Blog Post: https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
## SUMMARY
==========
If wolfSSL…