Identifier

CVE-2020-24613

Package Slug

conan/wolfssl

Vulnerability

Improper Certificate Validation

Description

wolfSSL mishandles TLS server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS client state machine. This allows attackers in a privileged network position to completely impersonate any TLS servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.

Affected Versions

All versions before 4.5.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-05

source