CVE-2022-42905 - Vulnerability Details - OpenCVE

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Wolfssl	Wolfssl

Configuration 1 [-]

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
http://seclists.org/fulldisclosure/2023/Jan/11
https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
https://github.com/wolfSSL/wolfssl/releases
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
https://www.wolfssl.com/docs/security-vulnerabilities/

History

Fri, 02 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-06T00:00:00.000Z

Updated: 2025-05-02T18:39:54.570Z

Reserved: 2022-10-13T00:00:00.000Z

Link: CVE-2022-42905

Vulnrichment

Updated: 2024-08-03T13:19:05.343Z

NVD

Status : Modified

Published: 2022-11-07T00:15:09.643

Modified: 2025-05-02T19:15:54.400

Link: CVE-2022-42905

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42905", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-02T18:39:54.570Z", "dateReserved": "2022-10-13T00:00:00.000Z", "datePublished": "2022-11-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-02-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"url": "https://github.com/wolfSSL/wolfssl/releases"}, {"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"}, {"name": "20230119 wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html"}, {"url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.343Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/releases", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable", "tags": ["x_transferred"]}, {"name": "20230119 wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html", "tags": ["x_transferred"]}, {"url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T18:39:33.696818Z", "id": "CVE-2022-42905", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T18:39:54.570Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/releases", "tags": ["x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Jan/11", "name": "20230119 wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html", "tags": ["x_transferred"]}, {"url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.343Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-42905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-02T18:39:33.696818Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T18:39:49.909Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"url": "https://github.com/wolfSSL/wolfssl/releases"}, {"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"}, {"url": "http://seclists.org/fulldisclosure/2023/Jan/11", "name": "20230119 wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS", "tags": ["mailing-list"]}, {"url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html"}, {"url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"}], "descriptions": [{"lang": "en", "value": "In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-02-15T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42905", "state": "PUBLISHED", "dateUpdated": "2025-05-02T18:39:54.570Z", "dateReserved": "2022-10-13T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-11-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "378BE977-D58E-42F4-BE1F-E4C184971F4A", "versionEndExcluding": "5.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)"}, {"lang": "es", "value": "En wolfSSL anterior a 5.5.2, si las funciones callback est\u00e1n habilitadas (a trav\u00e9s del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS 1.3 malicioso o un atacante de red puede desencadenar una sobrelectura del b\u00fafer de memoria de 5 bytes. (WOLFSSL_CALLBACKS solo est\u00e1 destinado a la depuraci\u00f3n)."}], "id": "CVE-2022-42905", "lastModified": "2025-05-02T19:15:54.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-07T00:15:09.643", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"source": "cve@mitre.org", "url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jan/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}