VYPR
Unrated severity · NVD Advisory · Published Nov 6, 2022 · Updated May 2, 2025

CVE-2022-42905

Description

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

Affected products

2
  • WolfSSL/Wolfssl (cpe-rescue), 2 versions
    • (no CPE)
    • (no CPE), range: <5.5.2
