Users of wolfSSL v4.0.0 are affected.
Summary of issue:
wolfSSL 4.0.0 has a buffer overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. When the identity data field of the PSK extension in a packet contains more data than the buffer length, the data beyond the buffer is stored in undefined memory (RAM) on the server. The size of the data is about 65 kB, so attackers could write about 65 kB of data to the RAM space on affected servers.
Users should upgrade to wolfSSL v4.1.0.
The patch for this vulnerability can be viewed here: https://github.com/wolfSSL/wolfssl/pull/2239
Please contact firstname.lastname@example.org if you have any questions.
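The class of check that prevents this kind of overflow, as an added example. It is not wolfSSL's code and not the patch linked above. It parses the first PskIdentity of a TLS 1.3 pre_shared_key extension (layout per RFC 8446, section 4.2.11) and checks the claimed identity length against both the bytes received and the destination buffer before copying. All names and the 128-byte capacity are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_PSK_ID_LEN 128 /* assumed destination capacity for this example */
enum { PSK_OK = 0, PSK_TRUNCATED = -1, PSK_ID_TOO_LONG = -2, PSK_EMPTY_ID = -3 };

typedef struct {
    uint8_t  id[DEMO_MAX_PSK_ID_LEN];
    size_t   id_len;
    uint32_t ticket_age;
} demo_psk_identity;

/* Input layout: uint16 list length, then uint16 identity length,
 * identity bytes, uint32 obfuscated_ticket_age. */
int demo_parse_first_identity(const uint8_t *in, size_t in_len, demo_psk_identity *out)
{
    size_t list_len, id_len;
    if (in_len < 2) return PSK_TRUNCATED;
    list_len = ((size_t)in[0] << 8) | in[1];
    if (list_len > in_len - 2 || list_len < 2) return PSK_TRUNCATED;
    id_len = ((size_t)in[2] << 8) | in[3];
    if (id_len == 0) return PSK_EMPTY_ID;
    if (id_len + 4 > list_len - 2) return PSK_TRUNCATED;   /* claimed size vs. bytes received */
    if (id_len > sizeof(out->id)) return PSK_ID_TOO_LONG;  /* claimed size vs. destination */
    memcpy(out->id, in + 4, id_len);
    out->id_len = id_len;
    in += 4 + id_len;
    out->ticket_age = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                      ((uint32_t)in[2] << 8) | in[3];
    return PSK_OK;
}

/* Constructed input: one identity whose length field says `claimed`
 * while `actual` identity bytes (at most 65529) really follow. */
static uint8_t demo_msg[2 + 65535];
int demo_check(size_t claimed, size_t actual)
{
    demo_psk_identity out;
    size_t list_len = 2 + actual + 4;
    memset(demo_msg, 'A', sizeof(demo_msg));
    demo_msg[0] = (uint8_t)(list_len >> 8); demo_msg[1] = (uint8_t)list_len;
    demo_msg[2] = (uint8_t)(claimed >> 8);  demo_msg[3] = (uint8_t)claimed;
    return demo_parse_first_identity(demo_msg, 2 + list_len, &out);
}

int main(void)
{
    printf("%d %d %d\n", demo_check(128, 128), demo_check(65529, 65529), demo_check(300, 16));
    return 0;
}
```

An identity of 65529 bytes is the largest that fits in a single identities vector, which matches the roughly 65 kB figure in the summary; the parser rejects it before any copy takes place.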