CVE-2022-32073

9.8 CRITICAL

📋 TL;DR

CVE-2022-32073 is an integer overflow in the SFTP server component of wolfSSH v1.4.7. The overflow can turn into a buffer overflow inside the process that embeds wolfSSH, so a client sending crafted SFTP packets can crash the service or, at worst, execute arbitrary code with that process's privileges. Only builds that include SFTP support are affected; because wolfSSH is usually linked into applications and firmware rather than run as a standalone daemon, the affected component is wherever that library was compiled in.

💻 Affected Systems

Products:
  • wolfSSH (SFTP server component)
Versions: v1.4.7 (the version named in the CVE); treat any build below v1.4.8 as unpatched
Operating Systems: All platforms wolfSSH is built for, including embedded firmware, since the library is normally compiled into the application rather than installed as a system package
Default Config Vulnerable: ⚠️ Only when SFTP is compiled in
Notes: Only builds with SFTP support (the --enable-sftp configure option, which defines WOLFSSH_SFTP) contain the affected code. SSH-only builds without SFTP are not vulnerable.

📦 What is this software?

wolfSSH is a lightweight SSHv2 client and server library from wolfSSL, written in C and aimed at embedded and resource-constrained systems. It implements the SSH transport, user authentication and channel layers and offers optional SFTP and SCP subsystems. It is typically linked directly into the application or firmware that needs an SSH endpoint, which is why "upgrading wolfSSH" usually means rebuilding that application.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the process that embeds wolfSSH. On an embedded device that process is often the only one, so this amounts to full device compromise.

🟠 Likely Case: Service crash (denial of service) or limited memory corruption leading to unstable behaviour; on firmware without memory protection a crash may reset the whole device.

🟢 If Mitigated: Minimal impact once v1.4.8 or later is deployed, or when SFTP is not compiled into the build.

🌐 Internet-Facing: HIGH - reachable from anywhere the wolfSSH SFTP subsystem is exposed. Note that SFTP packets are only parsed after the SSH session has authenticated and the client has requested the sftp subsystem, so in practice the attacker needs working credentials for the server (or a separate authentication weakness), even though the CVSS vector scores it as requiring no privileges.
🏢 Internal Only: MEDIUM - requires network access to the wolfSSH service and an account allowed to open SFTP; insiders and anyone holding leaked device credentials can exploit it.

🎯 Exploit Status

Public PoC: ❌ None known
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Scored as such (CVSS PR:N), but the SFTP code is only reachable after SSH authentication succeeds
Complexity: MEDIUM

Exploitation requires opening an SFTP session on the target and sending specially crafted SFTP packets that trigger the integer overflow; no interaction from a legitimate user is needed.
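The pattern behind "integer overflow leading to buffer overflow" in a packet parser, as an illustrative example added to this page. It is not wolfSSH's code and does not reproduce the exact arithmetic of CVE-2022-32073; it shows the general mechanism with a constructed SSH_FXP_RMDIR payload: a 32-bit length supplied by the client is added to the current offset, the sum wraps, and the bounds check passes. The function names and the packet bytes are assumptions made for the demonstration.

```c
/*
 * Illustrative example added to this page; it is not wolfSSH's code and
 * does not reproduce the exact arithmetic of CVE-2022-32073. It shows the
 * general pattern: a 32-bit length from the client is added to the current
 * offset, the sum wraps, and the bounds check passes.
 *
 * SFTP strings are encoded as  uint32 length || bytes[length]  and a request
 * such as SSH_FXP_RMDIR carries one of them after the request id.
 * The packet bytes below are constructed for the demonstration.
 */
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian uint32 (SSH/SFTP wire order). */
static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Vulnerable check: idx + len is computed in 32 bits, so a len near
 * UINT32_MAX wraps the sum to a small number and the comparison passes.
 * Any later copy or allocation sized by len is then out of bounds.
 * Returns 1 if the string is accepted, 0 if rejected.
 */
int string_check_vulnerable(uint32_t idx, uint32_t len, uint32_t pktLen)
{
    if (idx + len > pktLen)          /* wraps when idx + len >= 2^32 */
        return 0;
    return 1;
}

/*
 * Hardened check: never add attacker-controlled data to a trusted offset.
 * Compare the length against the space that remains; nothing can overflow.
 */
int string_check_safe(uint32_t idx, uint32_t len, uint32_t pktLen)
{
    if (idx > pktLen || len > pktLen - idx)
        return 0;
    return 1;
}

/*
 * Parse one length-prefixed string at *idx in pkt[0 .. pktLen). The bounds
 * check is passed in so the same parser can show both behaviours.
 * On success sets *str/*strLen, advances *idx and returns 1; otherwise 0.
 */
int parse_sftp_string(const uint8_t *pkt, uint32_t pktLen, uint32_t *idx,
                      const uint8_t **str, uint32_t *strLen,
                      int (*check)(uint32_t, uint32_t, uint32_t))
{
    uint32_t len;

    if (*idx > pktLen || pktLen - *idx < 4)   /* need the 4-byte length */
        return 0;
    len = get_u32(pkt + *idx);
    *idx += 4;
    if (!check(*idx, len, pktLen))
        return 0;
    *str = pkt + *idx;
    *strLen = len;        /* a real parser would now malloc(len + 1) or copy */
    *idx += len;
    return 1;
}

/* Constructed SSH_FXP_RMDIR payload: uint32 request-id || string path. */
const uint8_t benign_pkt[] = {
    0x00, 0x00, 0x00, 0x01,   /* request id = 1 */
    0x00, 0x00, 0x00, 0x04,   /* path length = 4 */
    '/', 't', 'm', 'p'
};
/* Same layout, but the path length claims 4294967288 bytes. */
const uint8_t malicious_pkt[] = {
    0x00, 0x00, 0x00, 0x01,
    0xFF, 0xFF, 0xFF, 0xF8,   /* 8 + 0xFFFFFFF8 wraps to 0 in 32 bits */
    '/', 't', 'm', 'p'        /* only 4 bytes really follow */
};

/* Returns 1 if the parser with the given check accepts the path string. */
int path_accepted(const uint8_t *pkt, uint32_t pktLen,
                  int (*check)(uint32_t, uint32_t, uint32_t))
{
    uint32_t idx = 4;         /* skip the request id */
    const uint8_t *s;
    uint32_t sLen;
    return parse_sftp_string(pkt, pktLen, &idx, &s, &sLen, check);
}

int main(void)
{
    printf("benign    vulnerable=%d safe=%d\n",
           path_accepted(benign_pkt, sizeof benign_pkt, string_check_vulnerable),
           path_accepted(benign_pkt, sizeof benign_pkt, string_check_safe));
    printf("malicious vulnerable=%d safe=%d\n",
           path_accepted(malicious_pkt, sizeof malicious_pkt, string_check_vulnerable),
           path_accepted(malicious_pkt, sizeof malicious_pkt, string_check_safe));
    return 0;
}
```

Both checks accept the benign packet; only the vulnerable one accepts the malicious packet, because 8 + 0xFFFFFFF8 wraps to 0 and "0 > 12" is false. The hardened form subtracts the trusted offset from the trusted total first, so the attacker's value is only ever compared, never added.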

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.4.8 and later

Vendor Advisory: https://github.com/wolfSSL/wolfssh/pull/360 (the pull request that carries the fix)

Restart Required: Yes

Instructions:

1. Obtain wolfSSH v1.4.8 or later from the official repository (https://github.com/wolfSSL/wolfssh).
2. Rebuild the library with the same configure options as the deployed build.
3. Relink or rebuild every application or firmware image that links wolfSSH; the library is usually statically linked, so replacing a shared object on disk is often not enough.
4. Restart (or reflash and reboot) every service that embeds wolfSSH.

🔧 Temporary Workarounds

Disable SFTP functionality (all platforms)

If SFTP is not required, rebuild wolfSSH without the --enable-sftp configure option (so WOLFSSH_SFTP is not defined) and make sure the embedding application no longer accepts "sftp" subsystem requests. The affected code is then not compiled in at all.

Network segmentation (Linux)

Restrict access to the wolfSSH service to trusted networks. The rules below assume the service listens on TCP port 22; wolfSSH-based servers frequently listen elsewhere (the project's own example server uses 22222), so adjust --dport to the port your service actually uses. They are inserted at the head of the INPUT chain so an existing blanket ACCEPT cannot shadow the DROP:

  # TRUSTED_NET is an example value; replace it with your management network
  TRUSTED_NET=10.0.0.0/8
  iptables -I INPUT 1 -p tcp --dport 22 -s "$TRUSTED_NET" -j ACCEPT
  iptables -I INPUT 2 -p tcp --dport 22 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Restrict SFTP to the accounts that genuinely need it and rotate any credentials that may have leaked, since the bug is reachable only through an authenticated session
  • Where the platform has users, run the process that embeds wolfSSH as a dedicated low-privilege account so code execution does not immediately mean root
  • Monitor for abnormal SFTP traffic patterns and connection attempts

🔍 How to Verify

Check if Vulnerable:

Find the wolfSSH version that was compiled in, then confirm whether SFTP was enabled in that build. wolfSSH does not install a version-reporting command; the version is recorded in the installed header wolfssh/version.h (LIBWOLFSSH_VERSION_STRING) and in the identification string the server sends at the start of every SSH connection (SSH-2.0-wolfSSHv<version>, unless the embedder changed it).

Check Version:

grep LIBWOLFSSH_VERSION_STRING /usr/local/include/wolfssh/version.h || strings /path/to/wolfssh | grep -i wolfsshv

Adjust the include path to wherever the headers were installed, and point strings at the library or the firmware image that actually ships, not at the build host's source tree.

Verify Fix Applied:

Confirm that the version compiled into the running binary is v1.4.8 or later (the banner of the restarted service is the most direct evidence), then exercise SFTP against it to make sure the rebuilt library works.
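A banner classifier for the version check above, as an added example that is not part of the wolfSSH project. It decides whether an SSH identification line comes from a wolfSSH release older than the fixed v1.4.8. The prefix SSH-2.0-wolfSSHv is assumed from wolfSSH's default identification string; confirm it against your own build, since embedders can change it. The sample banners in main() are constructed for the demonstration, and the function names are this example's own.

```c
/*
 * Added example, not part of wolfSSH. Classifies an SSH identification
 * line as a wolfSSH release older than the fixed v1.4.8. The banner prefix
 * "SSH-2.0-wolfSSHv" is assumed from wolfSSH's default identification
 * string; confirm it against your build. Sample banners are constructed.
 */
#include <stdio.h>
#include <string.h>

enum { FIXED_MAJOR = 1, FIXED_MINOR = 4, FIXED_PATCH = 8 };

/* Parse "major.minor[.patch]" (missing patch reads as 0); 1 on success. */
int parse_version(const char *s, int *maj, int *min, int *pat)
{
    *maj = *min = *pat = 0;
    return sscanf(s, "%d.%d.%d", maj, min, pat) >= 2;
}

/* 1 if maj.min.pat is older than the fixed release, else 0. */
int older_than_fix(int maj, int min, int pat)
{
    if (maj != FIXED_MAJOR) return maj < FIXED_MAJOR;
    if (min != FIXED_MINOR) return min < FIXED_MINOR;
    return pat < FIXED_PATCH;
}

/*
 * Classify one identification line (trailing CR/LF is tolerated):
 *   1  wolfSSH older than v1.4.8  -> unpatched (vulnerable if SFTP is built in)
 *   0  wolfSSH v1.4.8 or later     -> fixed
 *  -1  not wolfSSH, or version unreadable: the banner cannot decide
 */
int wolfssh_banner_status(const char *banner)
{
    static const char tag[] = "wolfSSHv";
    const char *p = strstr(banner, tag);
    int maj, min, pat;

    if (p == NULL)
        return -1;
    if (!parse_version(p + strlen(tag), &maj, &min, &pat))
        return -1;
    return older_than_fix(maj, min, pat);
}

static void report(const char *b)
{
    int st = wolfssh_banner_status(b);
    printf("%.*s -> %s\n", (int)strcspn(b, "\r\n"), b,
           st == 1 ? "wolfSSH older than 1.4.8 (unpatched)" :
           st == 0 ? "wolfSSH 1.4.8 or later (fixed)" :
                     "not wolfSSH / undetermined");
}

int main(int argc, char **argv)
{
    /* Constructed sample banners. Pass a real one as argv[1], e.g. the
     * first line printed by:  nc -w 2 HOST PORT < /dev/null | head -1 */
    const char *samples[] = {
        "SSH-2.0-wolfSSHv1.4.7\r\n",
        "SSH-2.0-wolfSSHv1.4.8\r\n",
        "SSH-2.0-wolfSSHv1.4.12\r\n",
        "SSH-2.0-OpenSSH_8.9p1\r\n",
    };
    size_t i;

    if (argc > 1) {
        report(argv[1]);
        return 0;
    }
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        report(samples[i]);
    return 0;
}
```

The comparison is done field by field rather than on the string, so 1.4.12 correctly sorts after 1.4.8. A result of -1 is not a clean bill of health: a vendor may have replaced the identification string, in which case fall back to the header and binary checks above.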

📡 Detection & Monitoring

Log Indicators:

  • SFTP connections that terminate abnormally shortly after the sftp subsystem is opened
  • Crashes or watchdog resets of the process (or device) that embeds wolfSSH
  • Memory allocation errors in logs

Network Indicators:

  • SFTP packets whose declared lengths are implausibly large for the request or far larger than the data actually sent
  • Multiple rapid SFTP sessions from one source, especially with the same credentials

SIEM Query:

wolfSSH has no fixed log file: it only emits messages through the logging callback the embedding application registers (wolfSSH_SetLoggingCb) when debugging is enabled, so substitute the source your application writes those messages to:

source="wolfssh.log" AND ("crash" OR "segfault" OR "overflow")

🔗 References

  • https://nvd.nist.gov/vuln/detail/CVE-2022-32073
  • https://github.com/wolfSSL/wolfssh/pull/360
