Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover vulnerabilities in implementations of cryptographic protocols. CVE-2022-43974 and CVE-2022-42905 CVE-2022-43974 is a buffer overflow vulnerability found in MatrixSSL versions 4.5.1-4.0.0 that could allow information disclosure and remote code execution. It was discovered and reported by Robert Hörr and Alissar Ibrahim, security evaluators with Deutsche Telekom’s IT Security Evaluation Facility, … More
The post Vulnerabilities in cryptographic libraries found through modern fuzzing appeared first on Help Net Security.
