Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl wolfssl vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and previous versions (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote malicious user to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bit...
Wolfssl Wolfssl
NA
CVE-2021-44718
wolfSSL up to and including 5.0.0 allows an malicious user to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally a...
Wolfssl Wolfssl
7.5
CVSSv2
CVE-2019-6439
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL up to and including 3.15.7 has a heap-based buffer overflow.
Wolfssl Wolfssl
2 Github repositories
5
CVSSv2
CVE-2015-6925
wolfSSL (formerly CyaSSL) prior to 3.6.8 allows remote malicious users to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
Wolfssl Wolfssl
3 Github repositories
10
CVSSv2
CVE-2020-36177
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL prior to 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Wolfssl Wolfssl
7.5
CVSSv2
CVE-2017-2800
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL up to and including 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, ...
Wolfssl Wolfssl
1 EDB exploit
4.3
CVSSv2
CVE-2019-19960
In wolfSSL prior to 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
Wolfssl Wolfssl
4.3
CVSSv2
CVE-2021-38597
wolfSSL prior to 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
Wolfssl Wolfssl
4.3
CVSSv2
CVE-2022-25638
In wolfSSL prior to 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
Wolfssl Wolfssl
5
CVSSv2
CVE-2017-8855
wolfSSL prior to 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.
Wolfssl Wolfssl
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »