
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-38153 affects wolfSSL version 5.3.0 when --enable-session-ticket is used. The vulnerability allows man-in-the-middle attackers or malicious servers to crash TLS 1.2 clients during a handshake. The issue was discovered in August 2022 and has a CVSS score of 5.9 (MEDIUM) (NVD, WolfSSL).
If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. The bug exists in the AddSessionToCache function. The vulnerability is also likely exploitable during TLS 1.3 handshakes between a client and a malicious server, though it cannot be exploited as a man-in-the-middle attack in TLS 1.3 (Trail of Bits).
The vulnerability results in a denial of service (DoS) condition by causing the client to crash. Approximately 30 cached sessions are required to reliably trigger the crash, as the bug depends on the hash of the session ID and whether the current cache bucket already contains a previous session (Trail of Bits).
The vulnerability was fixed in wolfSSL version 5.5.0. Users running version 5.3.0 with --enable-session-ticket compiled in should update their version of wolfSSL. The fix ensures proper validation of ticket sizes and memory handling in the session cache (WolfSSL).
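The following is an added example, not part of the original advisory or wolfSSL's own tooling: a check of an installed wolfSSL include directory against the affected and fixed versions stated above. It assumes a configure-based build whose `wolfssl/version.h` defines `LIBWOLFSSL_VERSION_STRING` and whose `wolfssl/options.h` defines `HAVE_SESSION_TICKET` when `--enable-session-ticket` was used; the function name `assess` and the sample headers are constructed for illustration.

```python
import re
import sys
from pathlib import Path

AFFECTED = (5, 3, 0)  # version the advisory names as affected
FIXED = (5, 5, 0)     # version the advisory names as fixed

# Match only real #define lines, not ones hidden behind // or /* comments.
VERSION_RE = re.compile(
    r'^\s*#\s*define\s+LIBWOLFSSL_VERSION_STRING\s+"(\d+)\.(\d+)\.(\d+)', re.M)
TICKET_RE = re.compile(r'^\s*#\s*define\s+HAVE_SESSION_TICKET\b', re.M)


def assess(version_h, options_h):
    """Classify a build from the text of version.h and options.h."""
    m = VERSION_RE.search(version_h)
    if m is None:
        return "unknown: no LIBWOLFSSL_VERSION_STRING found"
    ver = tuple(int(part) for part in m.groups())
    tickets = TICKET_RE.search(options_h) is not None
    if ver >= FIXED:
        return "fixed"
    if ver != AFFECTED:
        # The advisory only names 5.3.0 (affected) and 5.5.0 (fixed).
        return "review: advisory gives no status for this version"
    if tickets:
        return "affected"
    return "not exposed: session tickets not compiled in"


# Constructed sample headers (not copied from a real installation).
SAMPLE_VERSION_H = '#define LIBWOLFSSL_VERSION_STRING "5.3.0"\n'
SAMPLE_OPTIONS_H = '#undef  HAVE_SESSION_TICKET\n#define HAVE_SESSION_TICKET\n'

if __name__ == "__main__":
    if len(sys.argv) > 1:
        inc = Path(sys.argv[1])  # e.g. the directory holding version.h
        print(assess((inc / "version.h").read_text(),
                     (inc / "options.h").read_text()))
    else:
        print(assess(SAMPLE_VERSION_H, SAMPLE_OPTIONS_H))
```

Builds configured through `user_settings.h` instead of `options.h` need the same `HAVE_SESSION_TICKET` check run against that file.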
Source: This report was generated using AI