
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-34293 affects wolfSSL versions before 5.4.0, where a vulnerability in the DTLS (Datagram Transport Layer Security) implementation allows remote attackers to cause a denial of service. The vulnerability was discovered and disclosed in July 2022, affecting the wolfSSL embedded SSL library, which is a lightweight SSL/TLS library written in ANSI C targeted for embedded and resource-constrained environments (NVD, OSS Security).
The vulnerability stems from an incorrectly skipped return-routability check in a specific edge case within the DTLS implementation. The return-routability check is a security measure designed to prevent attacks that either consume excessive server resources or use the server as an amplifier to send an excessive amount of messages to a victim IP. This vulnerability specifically affects DTLS 1.0/1.2 implementations on the server side (OSS Security).
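To show what a return-routability check does, the following added example (not wolfSSL code and not from the advisory) sketches the stateless cookie exchange that DTLS 1.0/1.2 defines through HelloVerifyRequest, with the cookie computed as an HMAC over the client address and ClientHello parameters as RFC 6347 suggests. The function names, message labels and addresses are assumptions made for illustration. The page does not describe the edge case in which wolfSSL skipped the check, so none is modelled here.

```python
import hashlib
import hmac
import os


def make_cookie(secret, ip, port, client_random):
    # Cookie = HMAC(secret, client address || ClientHello parameters)
    msg = f"{ip}|{port}|".encode() + client_random
    return hmac.new(secret, msg, hashlib.sha256).digest()


def handle_client_hello(secret, sessions, src_ip, src_port, client_random, cookie=None):
    """Decide the reply to one ClientHello datagram.

    No per-client state is stored and no large handshake flight is sent
    until the cookie shows the sender can receive datagrams at the source
    address it claims. Every ClientHello path has to pass through here.
    """
    expected = make_cookie(secret, src_ip, src_port, client_random)
    if cookie is None or not hmac.compare_digest(cookie, expected):
        # Small, stateless reply: nothing to exhaust, little to amplify.
        return ("HelloVerifyRequest", expected)
    sessions[(src_ip, src_port)] = {"client_random": client_random}
    return ("ServerHello", None)


def demo():
    secret, sessions = os.urandom(32), {}
    rnd = bytes(32)  # constructed ClientHello random
    # Constructed addresses taken from the documentation ranges.
    first = handle_client_hello(secret, sessions, "198.51.100.7", 4444, rnd)
    second = handle_client_hello(secret, sessions, "198.51.100.7", 4444, rnd, first[1])
    # The same cookie presented from a different source address is rejected.
    other = handle_client_hello(secret, sessions, "203.0.113.9", 4444, rnd, first[1])
    return first[0], second[0], other[0], len(sessions)


if __name__ == "__main__":
    print(demo())
```

A server that reaches the state-allocating branch without the cookie comparison loses both properties at once: spoofed datagrams can create state, and the larger handshake flight can be directed at an address that never asked for it.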
When exploited, this vulnerability can lead to a Denial of Service (DoS) attack against affected servers. Attackers can potentially consume excessive resources on the server or use the server as an amplifier to send an excessive amount of messages to a victim IP address (OSS Security).
Users are strongly advised to upgrade to wolfSSL version 5.4.0 or later to address this vulnerability. The fix was released on July 11, 2022, as part of the wolfSSL 5.4.0 release. Organizations using DTLS 1.0/1.2 on the server side should prioritize this update to prevent potential DoS attacks (GitHub Release, OSS Security).
Source: This report was generated using AI