Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173)

Another point in favor of hardening OpenWRT. There should be instructions in there (but aren't) about how to disable Luci when not needed. A quick ssh can re enable whenever admin is needed. Threat model for wireless administration

root@OpenWrt:~# opkg list-installed | grep wolfssl
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
**libwolfssl5.2.0.99a5b54a - 5.2.0-stable-1** #vulnerable
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
px5g-wolfssl - 3
wpad-basic-wolfssl - 2020-06-08-5a8b3662-40

opkg update; opkg upgrade libwolfssl libustream-wolfssl

opkg upgrade px5g-wolfssl wpad-basic-wolfssl


root@OpenWrt:~# opkg list-installed | grep wolfssl
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
px5g-wolfssl - 4.1
wpad-basic-wolfssl - 2020-06-08-5a8b3662-41

reboot

Looks fine now. You could combine the commands but I am following KISS.