Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-42961
An issue exists in wolfSSL prior to 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be pro...
Wolfssl Wolfssl
9.1
CVSSv3
CVE-2022-23408
wolfSSL 5.x prior to 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
Wolfssl Wolfssl
5.5
CVSSv3
CVE-2017-6076
In versions of wolfSSL prior to 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
Wolfssl Wolfssl
9.8
CVSSv3
CVE-2017-2800
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL up to and including 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, ...
Wolfssl Wolfssl
1 EDB exploit
7.5
CVSSv3
CVE-2015-6925
wolfSSL (formerly CyaSSL) prior to 3.6.8 allows remote malicious users to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
Wolfssl Wolfssl
3 Github repositories
6.5
CVSSv3
CVE-2022-25638
In wolfSSL prior to 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
Wolfssl Wolfssl
9.8
CVSSv3
CVE-2019-16748
In wolfSSL up to and including 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
Wolfssl Wolfssl
3 Github repositories
4.7
CVSSv3
CVE-2018-12436
wolfcrypt/src/ecc.c in wolfSSL prior to 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine...
Wolfssl Wolfssl
8.1
CVSSv3
CVE-2021-3336
DoTls13CertificateVerify in tls13.c in wolfSSL prior to 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers ca...
Wolfssl Wolfssl
7 Github repositories
9.8
CVSSv3
CVE-2020-36177
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL prior to 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Wolfssl Wolfssl
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »