CVE-2022-42905 Information

Description

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), a malicious TLS 1.3 client or network attacker can trigger a 5-byte buffer over-read on the heap. (WOLFSSL_CALLBACKS is only intended for debugging.)

Reference

https://www.wolfssl.com/docs/security-vulnerabilities/
https://github.com/wolfSSL/wolfssl/releases
