Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.
Credits
Jaehun Lee, Pohang University of Science and Technology (POSTECH)
Kyungmin Bae, Pohang University of Science and Technology (POSTECH)
