CVE-2023-3724: 
NixOS vulnerability analysis and mitigation

CVE-2023-3724 is a high-severity vulnerability discovered in wolfSSL affecting TLS 1.3 client implementations. The vulnerability was disclosed in July 2023 and affects versions prior to 5.6.2. When a TLS 1.3 client receives neither a PSK (pre-shared key) extension nor a KSE (key share extension) from a malicious server during connection, the system uses a default predictable buffer for the IKM (Input Keying Material) value when generating the session master secret (Vendor Advisory, NVD).

The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH) according to NVD, with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue stems from the improper handling of TLS 1.3 protocol extensions during the handshake process. When specific extensions are missing, the system falls back to using a predictable buffer for key generation, compromising the security of the TLS 1.3 session (NVD).

The vulnerability allows an eavesdropper to reconstruct the session master secret key, potentially enabling unauthorized access to or manipulation of message contents within the TLS 1.3 session. While the issue does not affect client validation of connected servers or expose private key information, it can result in an insecure TLS 1.3 session when both connection endpoints are not under control (Vendor Advisory).

wolfSSL recommends that TLS 1.3 client-side users update to version 5.6.2 or later to address this vulnerability. The fix was implemented in GitHub pull request #6412 (Vendor Advisory, GitHub Patch).