wolfSSL 5.7.2 Security Update: Fixes CVE-2024-1544/5288/5991/5814 and OCSP Bypass Vulnerabilities

From this webpage screenshot, the following key vulnerability-related information can be extracted: 1. Vulnerability IDs and Descriptions: - CVE-2024-1544: Potential ECDSA nonce side-channel attack affecting wolfSSL versions prior to 5.6.6. - CVE-2024-5288: Private key blinding operation, mitigated by defining the macro WOLFSSL_BLIND_PRIVATE_KEY to counter potential rowhammer attacks. - CVE-2024-5991: In the MatchDomainName function, the input parameter is incorrectly treated as a NULL-terminated string. - CVE-2024-5814: A malicious TLS 1.2 server can force a TLS 1.3 client to downgrade to a cipher suite it does not accept, enabling a successful connection. - OCSP stapling version 2 response verification bypass issue: Bypass of OCSP stapling version 2 response verification when receiving a forged response with length 0. - OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt: Bypass of OCSP stapling version 2 revocation when retrying a TLS connection attempt. 2. Fixes: - Each vulnerability is accompanied by a GitHub pull request number for the fix, such as #7020, #7416, #7597, etc. 3. New Features and Enhancements: - Added support for Dilithium/ML-DSA, AES RISC-V 64-bit ASM, CUDA, gRPC, SHA-3, Infineon Modus Toolbox, user-cancelable alert sending, CSNI, quantum-safe algorithms, NIST 800-56C Option 1 KDF, AES-XTS stream mode, FreeRTOS platform, etc. 4. Improvements and Optimizations: - Extended STM32 AES hardware acceleration support; adjusted and settings to support wolfBoot; added option for raw public key support; implemented SHA-3 Thumb2 and ARM32 assembly; updated API to support socat version 1.8.0.0; added support for Renesas RZ; support for dual-algorithm certificates; improved ; host updates; enhanced STM32 AES hardware acceleration; support for DTLS 1.3 downgrade; support for static memory builds; improvements to Kyber C; support for ; improvements to and ; support for Cortex-M inline assembly labels; improvements for TLS <= 1.2; improvements for ESP; support for XCODE; improvements to OpenSSL compatibility layer, etc. This information provides a detailed overview of the vulnerabilities fixed, new features added, and optimizations implemented in wolfSSL version 5.7.2.

Goal Reached Thanks to every supporter — we hit 100%!

wolfSSL 5.7.2 Security Update: Fixes CVE-2024-1544/5288/5991/5814 and OCSP Bypass Vulnerabilities

More from this source