Skip to content

community/wolfssl: security upgrade to 5.4.0

rubicon requested to merge rubicon/aports:upgrade-wolfssl into master

https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable

From https://www.wolfssl.com/docs/security-vulnerabilities/ :

  • Potential for DTLS DoS attack. In wolfSSL versions before 5.4.0 the return-routability check is wrongly skipped in a specific edge case. The check on the return-routability is there for stopping attacks that either consume excessive resources on the server, or try to use the server as an amplifier sending an excessive amount of messages to a victim IP. If using DTLS 1.0/1.2 on the server side users should update to avoid the potential DoS attack.

  • Ciphertext side channel attack on ECC and DH operations. Users on systems where rogue agents can monitor memory use should update the version of wolfSSL and change private ECC keys. Thanks to Sen Deng from Southern University of Science and Technology (SUSTech) for the report.

Edited by rubicon

Merge request reports