Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl wolfssl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42961
An issue exists in wolfSSL prior to 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be pro...
Wolfssl Wolfssl
187
VMScore
CVE-2016-7439
The C software implementation of RSA in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
187
VMScore
CVE-2016-7438
The C software implementation of ECC in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
445
VMScore
CVE-2020-24585
An issue exists in the DTLS handshake implementation in wolfSSL prior to 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.
Wolfssl Wolfssl
436
VMScore
CVE-2020-24613
wolfSSL prior to 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely imperson...
Wolfssl Wolfssl
668
VMScore
CVE-2019-16748
In wolfSSL up to and including 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
Wolfssl Wolfssl
3 Github repositories
445
VMScore
CVE-2017-8855
wolfSSL prior to 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.
Wolfssl Wolfssl
383
VMScore
CVE-2018-16870
It was found that wolfssl prior to 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.
Wolfssl Wolfssl
383
VMScore
CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and previous versions (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote malicious user to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bit...
Wolfssl Wolfssl
357
VMScore
CVE-2021-24116
In wolfSSL up to and including 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) malicious users to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environm...
Wolfssl Wolfssl
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »