From 884b8634af8e8417f59b5f1631e664dfbd083833 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Tue, 18 Jan 2022 16:06:08 -0500 Subject: [PATCH] CVE-2022-23408 --- ChangeLog.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 428f8b0f6..012a1777b 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -2,7 +2,7 @@ Release 5.1.1 of wolfSSL embedded TLS has a high vulnerability fix: ### Vulnerabilities -* \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used. +* \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used. (CVE-2022-23408) # wolfSSL Release 5.1.0 (Dec 27, 2021) Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including: diff --git a/README.md b/README.md index 55a5ca6b8..094017855 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a Release 5.1.1 of wolfSSL embedded TLS has a high vulnerability fix: ### Vulnerabilities -* \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used. +* \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used. (CVE-2022-23408) # wolfSSL Release 5.1.0 (Dec 27, 2021) Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including: