CVE-2017-13099

NameCVE-2017-13099
DescriptionwolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs884235

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wolfssl (PTS)bullseye4.6.0+p1-0+deb11u1fixed
bookworm, sid5.2.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wolfsslsource(unstable)3.13.0+dfsg-1884235

Notes

https://github.com/wolfSSL/wolfssl/pull/1229
https://robotattack.org/

Search for package or bug name: Reporting problems