Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl wolfssl vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2014-2898
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
Wolfssl Wolfssl
383
VMScore
CVE-2022-25638
In wolfSSL prior to 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
Wolfssl Wolfssl
445
VMScore
CVE-2022-25640
In wolfSSL prior to 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
Wolfssl Wolfssl
1 Github repository
383
VMScore
CVE-2021-38597
wolfSSL prior to 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
Wolfssl Wolfssl
668
VMScore
CVE-2019-15651
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
Wolfssl Wolfssl 4.1.0
3 Github repositories
445
VMScore
CVE-2020-11713
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
Wolfssl Wolfssl 4.3.0
NA
CVE-2022-38153
An issue exists in wolfSSL prior to 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes...
Wolfssl Wolfssl 5.3.0
668
VMScore
CVE-2019-11873
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, cli...
Wolfssl Wolfssl 4.0
470
VMScore
CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
Wolfssl Wolfssl
Siemens Scalance W1750d Firmware
Arubanetworks Instant
187
VMScore
CVE-2016-7440
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
Mariadb Mariadb
Oracle Mysql
Wolfssl Wolfssl
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »