CVE-2021-44718: Loop with Unreachable Exit Condition ('Infinite Loop')

September 2, 2022 (updated September 8, 2022)

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

References

github.com/wolfSSL/wolfssl/releases
nvd.nist.gov/vuln/detail/CVE-2021-44718
www.wolfssl.com/docs/security-vulnerabilities/

Detect and mitigate CVE-2021-44718 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →