CVE-2022-38152: 
NixOS vulnerability analysis and mitigation

When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. The vulnerability (CVE-2022-38152) affects wolfSSL versions 5.3.0 to 5.4.0 and has a CVSS score of 7.5 (HIGH). The bug occurs after a client performs a handshake against a wolfSSL server and then closes the connection (Full Disclosure).

The vulnerability occurs when the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it. The next received Client Hello, which resumes the previous session, crashes the server with a NULL-pointer dereference. This happens because the arrays pointer still points to NULL as InitSSL is not called before the Client Hello is handled. The bug only exists in resumed handshakes using TLS session resumption (Full Disclosure).

The vulnerability can result in a denial of service (DoS) attack against wolfSSL servers that use the wolfSSLclear function instead of the sequence wolfSSLfree; wolfSSL_new. When exploited, it causes the server to crash with a NULL-pointer dereference (Trail of Bits Blog).

The vulnerability was fixed in wolfSSL version 5.5.0. Users calling wolfSSL_clear are recommended to update their version of wolfSSL. After a session has been cleared and is reused for the next client, it should be reinitialized (wolfSSL Security Vulnerabilities).

The vulnerability was discovered using the novel symbolic-model-guided fuzzer tlspuffin, developed at LORIA, INRIA, France and Trail of Bits. The wolfSSL team responded quickly to the disclosure and fixed all findings within one week of disclosure (Trail of Bits Blog).