Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-18840
In wolfSSL 4.1.0 up to and including 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c bec...
Wolfssl Wolfssl
8.8
CVSSv3
CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially...
Wolfssl Wolfssl
9.8
CVSSv3
CVE-2021-37155
wolfSSL 4.6.x up to and including 4.7.x prior to 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
Wolfssl Wolfssl
1 Github repository
9.8
CVSSv3
CVE-2014-2896
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
Wolfssl Wolfssl
9.8
CVSSv3
CVE-2014-2898
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2014-2902
wolfssl prior to 3.2.0 does not properly authorize CA certificate for signing other certificates.
Wolfssl Wolfssl
5.9
CVSSv3
CVE-2014-2903
CyaSSL does not check the key usage extension in leaf certificates, which allows remote malicious users to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
Wolfssl Wolfssl
5.3
CVSSv3
CVE-2020-11735
The private-key operations in ecc.c in wolfSSL prior to 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
Wolfssl Wolfssl
4.7
CVSSv3
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and previous versions (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, ...
Wolfssl Wolfssl
5.5
CVSSv3
CVE-2016-7438
The C software implementation of ECC in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »