Impact
AES‑GCM streaming APIs in wolfSSL failed to enforce a maximum cumulative message size of 64 GiB, allowing the counter to wrap. This counter reuse leads to repeated keystream blocks, enabling an attacker to recover the plaintext of the compromised data stream. The weakness is classified as CWE‑323, representing inadequate encryption strength. The consequence is the loss of data confidentiality, with no direct impact on integrity or availability.
Affected Systems
The affected product is wolfSSL, specifically the streaming API implementation. No version information is provided in the advisory; organizations should verify the installed version against the vendor’s release notes to determine applicability.
Risk and Exploitability
The CVSS score of 2 indicates a low severity impact. EPSS is not available, suggesting limited known exploitation activity, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a scenario where an adversary orchestrates the transmission of a cumulative message exceeding 64 GiB over the vulnerable streaming API. Based on the description, it is inferred that such a large cumulative message can force the counter to wrap, leading to keystream reuse. The low CVSS and lack of known exploits imply a moderate overall risk, but organizations that handle very large data streams should consider the potential for plaintext recovery if the counter wrap occurs.
OpenCVE Enrichment
Debian DLA