Fix the following vulnerabilities:
- [High] Potential for DTLS DoS attack. In wolfSSL versions before
5.4.0 the return-routability check is wrongly skipped in a specific
edge case. The check on the return-routability is there for stopping
attacks that either consume excessive resources on the server, or try
to use the server as an amplifier sending an excessive amount of
messages to a victim IP. If using DTLS 1.0/1.2 on the server side
users should update to avoid the potential DoS attack. CVE-2022-34293
- [Medium] Ciphertext side channel attack on ECC and DH operations.
Users on systems where rogue agents can monitor memory use should
update the version of wolfSSL and change private ECC keys.
https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
https://www.wolfssl.com/docs/security-vulnerabilities/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>