Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38152
An issue exists in wolfSSL prior to 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the in...
Wolfssl Wolfssl
NA
CVE-2022-34293
wolfSSL prior to 5.4.0 allows remote malicious users to cause a denial of service via DTLS because a check for return-routability can be skipped.
Wolfssl Wolfssl
1 Github repository
NA
CVE-2022-39173
In wolfSSL prior to 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required...
Wolfssl Wolfssl
NA
CVE-2022-42905
In wolfSSL prior to 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
Wolfssl Wolfssl
1 Github repository
NA
CVE-2022-42961
An issue exists in wolfSSL prior to 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be pro...
Wolfssl Wolfssl
NA
CVE-2023-3724
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially...
Wolfssl Wolfssl
7.5
CVSSv2
CVE-2014-2896
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.