Описание
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| wolfssl | fixed | 5.8.4-1 | package | |
| wolfssl | no-dsa | trixie | package | |
| wolfssl | no-dsa | bookworm | package | |
| wolfssl | postponed | bullseye | package |
Примечания
https://github.com/wolfSSL/wolfssl/pull/9223
Fixed by: https://github.com/wolfSSL/wolfssl/commit/7afcf200774987fcd349663733770d38c1d97292 (v5.8.4-stable)
EPSS
Связанные уязвимости
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.
EPSS