Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl wolfssl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-44718
wolfSSL up to and including 5.0.0 allows an malicious user to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally a...
Wolfssl Wolfssl
2.1
CVSSv2
CVE-2016-7438
The C software implementation of ECC in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
2.1
CVSSv2
CVE-2016-7439
The C software implementation of RSA in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
NA
CVE-2022-39173
In wolfSSL prior to 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required...
Wolfssl Wolfssl
1.2
CVSSv2
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and previous versions (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, ...
Wolfssl Wolfssl
NA
CVE-2022-42905
In wolfSSL prior to 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
Wolfssl Wolfssl
1 Github repository
NA
CVE-2022-42961
An issue exists in wolfSSL prior to 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be pro...
Wolfssl Wolfssl
5
CVSSv2
CVE-2019-18840
In wolfSSL 4.1.0 up to and including 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c bec...
Wolfssl Wolfssl
NA
CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially...
Wolfssl Wolfssl
5
CVSSv2
CVE-2019-19962
wolfSSL prior to 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
Wolfssl Wolfssl
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »