wolfssl wolfssl vulnerabilities and exploits
9.8
CVSSv3
CVE-2014-2898
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2015-6925
wolfSSL (formerly CyaSSL) prior to 3.6.8 allows remote malicious users to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
Wolfssl Wolfssl
3 Github repositories
7.5
CVSSv3
CVE-2014-2901
wolfssl prior to 3.2.0 does not properly issue certificates for a server's hostname.
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2014-2902
wolfssl prior to 3.2.0 does not properly authorize CA certificate for signing other certificates.
Wolfssl Wolfssl
5.9
CVSSv3
CVE-2014-2903
CyaSSL does not check the key usage extension in leaf certificates, which allows remote malicious users to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2014-2904
wolfssl prior to 3.2.0 has a server certificate that is not properly authorized for server authentication.
Wolfssl Wolfssl
8.1
CVSSv3
CVE-2021-3336
DoTls13CertificateVerify in tls13.c in wolfSSL prior to 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers ca...
Wolfssl Wolfssl
7 Github repositories
7.5
CVSSv3
CVE-2020-12457
An issue exists in wolfSSL prior to 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e.,...
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2022-34293
wolfSSL prior to 5.4.0 allows remote malicious users to cause a denial of service via DTLS because a check for return-routability can be skipped.
Wolfssl Wolfssl
1 Github repository
9.8
CVSSv3
CVE-2021-37155
wolfSSL 4.6.x up to and including 4.7.x prior to 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
Wolfssl Wolfssl
1 Github repository