CVE-2023-6937

{"id": "CVE-2023-6937", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "facts@wolfssl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-15T18:15:44.890", "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/7029", "tags": ["Issue Tracking", "Patch"], "source": "facts@wolfssl.com"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["Vendor Advisory"], "source": "facts@wolfssl.com"}, {"url": "https://github.com/wolfSSL/wolfssl/pull/7029", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "facts@wolfssl.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating."}, {"lang": "es", "value": "wolfSSL anterior a 5.6.6 no verificaba que los mensajes en un registro (D)TLS no abarquen l\u00edmites clave. Como resultado, fue posible combinar mensajes (D)TLS usando diferentes claves en un registro (D)TLS. El caso m\u00e1s extremo es que, en (D)TLS 1.3, era posible que un registro (D)TLS 1.3 no cifrado del servidor que contuviera primero un mensaje ServerHello y luego el resto del primer vuelo del servidor fuera aceptado por un wolfSSL. cliente. En (D)TLS 1.3, el protocolo de enlace se cifra despu\u00e9s de ServerHello, pero un cliente wolfSSL aceptar\u00eda un vuelo sin cifrar desde el servidor. Esto no compromete la negociaci\u00f3n y autenticaci\u00f3n de claves, por lo que se le asigna una calificaci\u00f3n de gravedad baja."}], "lastModified": "2025-02-21T15:03:59.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57DCDF61-F982-41D7-83BE-DDAEC85A797A", "versionEndExcluding": "5.6.6"}], "operator": "OR"}]}], "sourceIdentifier": "facts@wolfssl.com"}