Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl wolfssl vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2020-15309
An issue exists in wolfSSL prior to 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key ...
Wolfssl Wolfssl
5.3
CVSSv3
CVE-2020-24585
An issue exists in the DTLS handshake implementation in wolfSSL prior to 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.
Wolfssl Wolfssl
5.3
CVSSv3
CVE-2020-11735
The private-key operations in ecc.c in wolfSSL prior to 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2020-11713
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
Wolfssl Wolfssl 4.3.0
9.8
CVSSv3
CVE-2014-2896
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
Wolfssl Wolfssl
9.8
CVSSv3
CVE-2014-2897
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 prior to 2.9.4 does not check the padding length when verification fails, which allows remote malicious users to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
Wolfssl Wolfssl
9.8
CVSSv3
CVE-2014-2898
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
Wolfssl Wolfssl
5.3
CVSSv3
CVE-2019-19960
In wolfSSL prior to 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2019-19962
wolfSSL prior to 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
Wolfssl Wolfssl
2 Github repositories
5.3
CVSSv3
CVE-2019-19963
An issue exists in wolfSSL prior to 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.
Wolfssl Wolfssl
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »