QwikSec

Security Database

CVE

CWE

Training

CVE-2022-39173

Published: Sep 29, 2022

Modified: May 20, 2025

PUBLISHED

Description

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.wolfssl.com/docs/security-vulnerabilities/

https://github.com/wolfSSL/wolfssl/releases

20221030 wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining cipher suites

mailing-list

http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.