Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl wolfssl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38152
An issue exists in wolfSSL prior to 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the in...
Wolfssl Wolfssl
7.5
CVSSv2
CVE-2021-37155
wolfSSL 4.6.x up to and including 4.7.x prior to 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
Wolfssl Wolfssl
1 Github repository
1.9
CVSSv2
CVE-2018-12436
wolfcrypt/src/ecc.c in wolfSSL prior to 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine...
Wolfssl Wolfssl
5
CVSSv2
CVE-2022-25640
In wolfSSL prior to 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
Wolfssl Wolfssl
1 Github repository
5
CVSSv2
CVE-2020-11713
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
Wolfssl Wolfssl 4.3.0
7.5
CVSSv2
CVE-2019-11873
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, cli...
Wolfssl Wolfssl 4.0
NA
CVE-2022-38153
An issue exists in wolfSSL prior to 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes...
Wolfssl Wolfssl 5.3.0
7.5
CVSSv2
CVE-2019-15651
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
Wolfssl Wolfssl 4.1.0
3 Github repositories
4.3
CVSSv2
CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
Wolfssl Wolfssl
Siemens Scalance W1750d Firmware
Arubanetworks Instant
2.1
CVSSv2
CVE-2016-7440
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
Mariadb Mariadb
Oracle Mysql
Wolfssl Wolfssl
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »