CVE-2017-13099

Summary

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."

Affected Software

VendorProductVersion RangeStatus
wolfSSLwolfSSL<3.12.2affected

Weaknesses

  • CWE-203: CWE-203

ADP Enrichment

CVE Program Container

Additional References

References