UBUNTU-CVE-2022-38152

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-38152

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-38152.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-38152

Related

CVE-2022-38152

Published

2022-08-31T17:15:00Z

Modified

2025-04-23T14:59:36Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSLclear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSLclear instead of the recommended SSLfree; SSLnew sequence are affected. Furthermore, wolfSSLclear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.

References

Affected packages

Ubuntu:Pro:16.04:LTS / wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl@3.4.8+dfsg-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.8+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl@3.13.0+dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.2+dfsg-2

3.12.0+dfsg-1

3.12.2+dfsg-1

3.13.0+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl@4.3.0+dfsg-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.0+dfsg-2

4.2.0+dfsg-1

4.2.0+dfsg-2

4.2.0+dfsg-3

4.3.0+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl@5.2.0-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.6.0-3

5.*

5.0.0-1

5.1.1-1

5.2.0-1

5.2.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl@5.7.2-0.1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.6.6-1.3build1

5.7.0-0.3

5.7.2-0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl@5.6.6-1.3build1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.4-2

5.5.4-2.1

5.6.4-2

5.6.6-1.2

5.6.6-1.3

5.6.6-1.3build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl@5.7.2-0.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7.2-0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}