CVE-2020-12457
Published: Aug 21, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/wolfSSL/wolfssl/pull/2927
x_refsource_MISC
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
x_refsource_CONFIRM