CVE-2020-12457

Published: 21 August 2020

An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: wolfssl (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needed
focal      Needed
groovy     Not vulnerable (4.5.0+dfsg-2)
hirsute    Not vulnerable (4.5.0+dfsg-2)
impish     Not vulnerable (4.5.0+dfsg-2)
jammy      Not vulnerable (4.5.0+dfsg-2)
precise    Does not exist
trusty     Does not exist
upstream   Released (v4.5.0-stable)
xenial     Ignored (end of standard support, was needed)

Patches:
upstream: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)