
CVE-2015-6925

Published: 22/01/2016 Updated: 25/01/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

wolfSSL (formerly CyaSSL) prior to 3.6.8 allows remote malicious users to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.

Vulnerable Product

wolfssl wolfssl

Vendor Advisories

Debian Bug report logs - #801120
wolfssl: CVE-2015-6925: DoS and DoS amplification
Package: src:wolfssl; Maintainer for src:wolfssl is Felix Lechner <felixlechner@lease-upcom>; Reported by: Sebastian Ramacher <sebastianramacher@iaiktugrazat>
Date: Tue, 6 Oct 2015 14:03:07 UTC
Severity: important
Tags: fixed-ups ...

Github Repositories

Proof of concept for denial of service attack on wolfSSL's DTLS server implementation.

CVE-2015-6925 [1, 2]: DoS attack on wolfSSL DTLS server and DoS amplification

DTLS 1.2 [5] includes an optional extra round trip based on a cookie in the handshake phase to prevent the following two attack scenarios: DoS of the DTLS server caused by forcing the server to allocate an extensive amount of resources or by performing expensive computations, and amplifying a DoS
