|
| 1 | +# wolfSSL Vulnerability Report |
| 2 | + |
| 3 | +**Completion of every required field in this template is mandatory for CVE |
| 4 | +consideration.** Reports that omit required fields, or that do not use this |
| 5 | +template, will not receive CVE consideration. |
| 6 | + |
| 7 | +Non-template or incomplete submissions may still be reviewed on the merits |
| 8 | +and, where appropriate, addressed as hardening fixes in a future release. |
| 9 | + |
| 10 | +Submissions that pass automated verification of the claims you make below |
| 11 | +enter our triage queue per the Security Policy. |
| 12 | + |
| 13 | +--- |
| 14 | + |
| 15 | +## 1. Reporter Information |
| 16 | + |
| 17 | +**Name or handle:** _required_ |
| 18 | +**Organization (if any):** _optional_ |
| 19 | +**Contact email:** _required_ |
| 20 | +**Preferred credit text** (or "anonymous"): _required_ |
| 21 | + |
| 22 | +**Discovery method** _required_: describe how you found this defect — manual |
| 23 | +code review, fuzzer (name and version), static analysis tool (name), or other |
| 24 | +methodology. |
| 25 | + |
| 26 | +**Prior reports:** has this defect been reported to wolfSSL or any other |
| 27 | +party previously? If yes, provide details and any prior CVE or ticket |
| 28 | +references. |
| 29 | + |
| 30 | +--- |
| 31 | + |
| 32 | +## 2. Affected Components |
| 33 | + |
| 34 | +**Product** _required_: wolfSSL, wolfCrypt, wolfSSH, wolfMQTT, wolfBoot, |
| 35 | +wolfTPM, wolfSentry, wolfProvider, wolfHSM, wolfIP, wolfPSA, wolfPKCS11, or |
| 36 | +the OpenSSL compatibility layer. |
| 37 | + |
| 38 | +**Versions tested** _required_: list the specific released versions you |
| 39 | +verified the defect against (e.g., "5.8.4, 5.9.0, 5.9.1"). |
| 40 | + |
| 41 | +**Build configuration** _required_: state whether the defect is reachable in |
| 42 | +a default `./configure` build. If not, list every `--enable-*` / |
| 43 | +`--disable-*` flag, `WOLFSSL_*` macro, compiler version, target architecture, |
| 44 | +and optimization level required for reachability. |
| 45 | + |
| 46 | +--- |
| 47 | + |
| 48 | +## 3. Defect Location |
| 49 | + |
| 50 | +**Source file** _required_: full path from repo root (e.g., |
| 51 | +`wolfcrypt/src/asn.c`). |
| 52 | + |
| 53 | +**Function name** _required_. |
| 54 | + |
| 55 | +**Line numbers** _required_: the specific lines containing the defect. |
| 56 | + |
| 57 | +**Defect type and technical description** _required_: identify the class of |
| 58 | +defect (heap buffer overflow, use-after-free, NULL dereference, signature |
| 59 | +verification bypass, timing side channel, etc.) and describe in two to four |
| 60 | +sentences what the code does, what it should do, and what goes wrong. |
| 61 | + |
| 62 | +--- |
| 63 | + |
| 64 | +## 4. Reachability from a wolfSSL Integration |
| 65 | + |
| 66 | +**Documented integration that routes attacker-controlled bytes to this code |
| 67 | +path** _required_: identify the specific integration. Examples of qualifying |
| 68 | +integrations include the TLS or DTLS protocol stack, X.509 peer certificate |
| 69 | +validation during TLS authentication, OCSP / CRL fetching during TLS |
| 70 | +verification, the OpenSSL compatibility layer consumed by a named integration |
| 71 | +(nginx, Apache httpd, curl, OpenVPN, stunnel, MySQL, libssh, etc.), PKCS7 / |
| 72 | +CMS verify or decrypt paths consumed by EST or SCEP enrollment, or PKCS#12 |
| 73 | +parsing in dynamic credential provisioning (WPA supplicant, hostapd, |
| 74 | +NetworkManager). |
| 75 | + |
| 76 | +**Byte-flow trace** _required_: starting from where attacker bytes enter |
| 77 | +wolfSSL's API surface, list each function call (with file and line number) |
| 78 | +through which the bytes travel until they reach the defective code. A trace |
| 79 | +of three to ten steps is typical. |
| 80 | + |
| 81 | +Example of an acceptable trace: |
| 82 | + |
| 83 | +> Attacker bytes enter via TLS record at `wolfSSL_read()` → |
| 84 | +> `ProcessReply` (ssl.c:18742) → `DoTls13HandshakeMessage` (tls13.c:11203) |
| 85 | +> → `DoTls13Certificate` (tls13.c:8847) → `ProcessPeerCerts` (internal.c:14228) |
| 86 | +> → `ParseCert` (asn.c:32104) → defective code at asn.c:33871. |
| 87 | +
|
| 88 | +--- |
| 89 | + |
| 90 | +## 5. Attacker Model |
| 91 | + |
| 92 | +**Attacker position** _required_: describe who the attacker is — remote |
| 93 | +unauthenticated network peer, on-path network attacker, authenticated remote |
| 94 | +peer, local unprivileged user, local privileged user, attacker with prior |
| 95 | +code execution on the device, or other. Be specific. |
| 96 | + |
| 97 | +**Prerequisites** _required_: list every capability the attacker must already |
| 98 | +possess before the defect can be triggered, including any access, credentials, |
| 99 | +configuration control, or environmental conditions. |
| 100 | + |
| 101 | +**New capability gained** _required_: describe the *delta* between what the |
| 102 | +attacker can do before exploitation and what they can do after. |
| 103 | + |
| 104 | +**Realistic deployment context** _required_: identify one or more wolfSSL |
| 105 | +customer deployment patterns where the attacker position you describe is |
| 106 | +plausible. wolfSSL is deployed in embedded, industrial, automotive, medical, |
| 107 | +avionics, and IoT contexts. |
| 108 | + |
| 109 | +--- |
| 110 | + |
| 111 | +## 6. Security Impact |
| 112 | + |
| 113 | +**Primary security property impacted** _required_ — pick one and justify |
| 114 | +below: |
| 115 | + |
| 116 | +- [ ] **Integrity** — memory corruption enabling control-flow hijack, |
| 117 | + arbitrary write, or state corruption with attacker control |
| 118 | +- [ ] **Authenticity** — signature verification bypass, certificate |
| 119 | + validation bypass, MAC forgery, algorithm downgrade, trust-chain bypass |
| 120 | +- [ ] **Confidentiality of secret material** — disclosure of private keys, |
| 121 | + session keys, password material, or pre-authentication server plaintext |
| 122 | +- [ ] **Availability** — denial of service |
| 123 | + |
| 124 | +**Justification** _required_: in two to four sentences, explain how the |
| 125 | +defect produces the impact you've selected, with reference to the byte flow |
| 126 | +in Section 4 and the attacker model in Section 5. |
| 127 | + |
| 128 | +--- |
| 129 | + |
| 130 | +## 7. Working Proof-of-Concept |
| 131 | + |
| 132 | +**A working proof-of-concept is required.** Reports without one will not |
| 133 | +receive CVE consideration. |
| 134 | + |
| 135 | +Provide: |
| 136 | + |
| 137 | +- Source code, packet capture, malformed input file, or other artifact that |
| 138 | + triggers the defect |
| 139 | +- Exact build and run instructions, including the wolfSSL version and build |
| 140 | + configuration declared in Section 2 |
| 141 | +- Expected output demonstrating the defect — crash trace, sanitizer report, |
| 142 | + leaked memory contents, forged signature accepted by the verifier, or |
| 143 | + equivalent concrete observable effect |
| 144 | + |
| 145 | +We compile and run submitted PoCs against the affected version. PoCs that do |
| 146 | +not reproduce the claimed behavior, or that demonstrate behavior materially |
| 147 | +different from the claim, will not receive CVE consideration. |
| 148 | + |
| 149 | +The following are not proofs-of-concept and will not satisfy this requirement: |
| 150 | + |
| 151 | +- Prose claims that the defect "may lead to memory corruption," "could |
| 152 | + potentially crash the process," "is theoretically exploitable," or similar |
| 153 | +- A description of an analytical exploitation chain without a runnable |
| 154 | + artifact that produces the claimed effect |
| 155 | +- A PoC that demonstrates a different effect than the impact claimed in |
| 156 | + Section 6 (for example, a PoC that produces a NULL dereference accompanied |
| 157 | + by a claim of remote code execution) |
| 158 | +- Source code that does not compile, or instructions that do not run as |
| 159 | + written |
| 160 | + |
| 161 | +--- |
| 162 | + |
| 163 | +## 8. Related Work Check |
| 164 | + |
| 165 | +**Have you verified this defect is not already being addressed?** _required_: |
| 166 | +describe your review of open pull requests and recent commits in the |
| 167 | +relevant wolfSSL repository that touch the same file or function. Include |
| 168 | +the search terms you used and any specific PRs or commits you examined |
| 169 | +(with URLs). AI-assisted tooling makes this search efficient and is a |
| 170 | +reasonable way to perform it. |
| 171 | + |
| 172 | +**If related work is ongoing or merged** _required_: explain how your |
| 173 | +report is novel relative to that work — e.g., your defect is in a |
| 174 | +different code path, a different return value, a different call site, |
| 175 | +or a different attacker reachability. |
| 176 | + |
| 177 | +Reports of issues already being addressed in open work are treated as |
| 178 | +duplicates and do not receive CVE consideration. |
| 179 | + |
| 180 | +--- |
| 181 | + |
| 182 | +## 9. Caller API Usage |
| 183 | + |
| 184 | +**Does triggering the defect require the caller to use wolfSSL APIs outside |
| 185 | +their documented behavior?** _required_: answer yes or no, then describe the |
| 186 | +specific API calls, options, and sequences used. |
| 187 | + |
| 188 | +--- |
| 189 | + |
| 190 | +## 10. Severity Self-Assessment |
| 191 | + |
| 192 | +**Reporter-proposed severity** _required_: Critical, High, Medium, or Low. |
| 193 | + |
| 194 | +**CVSS 3.1 vector string** _optional_: e.g., `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`. |
| 195 | + |
| 196 | +**Justification** _required_: in two to three sentences, map the severity to |
| 197 | +the realistic attacker model and impact described above. |
| 198 | + |
| 199 | +wolfSSL performs its own severity assessment per the published rubric. Your |
| 200 | +assessment is input, not the final classification. |
| 201 | + |
| 202 | +--- |
| 203 | + |
| 204 | +## 11. Disclosure Coordination |
| 205 | + |
| 206 | +**Requested embargo period** _required_: state your preferred embargo |
| 207 | +duration. Longer embargoes for ecosystem coordination may be requested. |
| 208 | + |
| 209 | +**Downstream coordination** _required_: identify any downstream integrators, |
| 210 | +certification bodies, or other parties whose involvement affects disclosure |
| 211 | +timing. |
| 212 | + |
| 213 | +**Public disclosure plans** _required_: describe any planned blog post, |
| 214 | +conference talk, paper, or other public disclosure, with tentative timing, |
| 215 | +so we can coordinate the advisory release. |
| 216 | + |
| 217 | +--- |
| 218 | + |
| 219 | +## 12. Suggested Fix _(optional)_ |
| 220 | + |
| 221 | +If you have a proposed patch, attach it. Patches are not required, but they |
| 222 | +accelerate the fix timeline. |
| 223 | + |
| 224 | +--- |
| 225 | + |
| 226 | +## What Happens Next |
| 227 | + |
| 228 | +1. **Acknowledgment.** We acknowledge receipt as reports arrive. |
| 229 | +2. **Automated verification.** Our triage tooling cross-checks the claims |
| 230 | + in your report against the source code: function names, line numbers, |
| 231 | + call paths, version ranges, integration routes, and PoC reproduction. |
| 232 | +3. **Initial triage verdict.** Once verification is complete, we provide |
| 233 | + an initial verdict: CVE-eligible, hardening fix, or more information |
| 234 | + needed. Complex or contested reports take longer than straightforward |
| 235 | + ones. |
| 236 | +4. **Coordination.** For CVE-eligible reports, we develop a fix privately |
| 237 | + and coordinate disclosure timing with you. |
| 238 | +5. **Disclosure.** The fix release and CVE advisory publish together. |
| 239 | + |
| 240 | +For questions about this template or the process, contact |
| 241 | +**support@wolfssl.com**. |
| 242 | + |
| 243 | +*Last updated: 2026-04-22* |
0 commit comments