[Buildroot] [PATCH 1/1] package/wolfssl: security bump to version 5.5.2
Peter Korsgaard
peter at korsgaard.com
Tue Nov 8 20:00:33 UTC 2022
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> In the case that the WOLFSSL_CALLBACKS macro is set when building
> wolfSSL, there is a potential heap over read of 5 bytes when handling
> TLS 1.3 client connections. This heap over read is limited to wolfSSL
> builds explicitly setting the macro WOLFSSL_CALLBACKS, the feature does
> not get turned on by any other build options. The macro
> WOLFSSL_CALLBACKS is intended for debug use only, but if having it
> enabled in production, users are recommended to disable
> WOLFSSL_CALLBACKS. Users enabling WOLFSSL_CALLBACKS are recommended to
> update their version of wolfSSL. CVE 2022-42905
> https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard