Описание
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
Ссылки
- Release NotesThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
EPSS
9.1 Critical
CVSS3
6.4 Medium
CVSS2