Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-8854
wolfSSL prior to 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
Wolfssl Wolfssl
7.5
CVSSv3
CVE-2017-8855
wolfSSL prior to 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.
Wolfssl Wolfssl
4.7
CVSSv3
CVE-2018-12436
wolfcrypt/src/ecc.c in wolfSSL prior to 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine...
Wolfssl Wolfssl
5.5
CVSSv3
CVE-2017-6076
In versions of wolfSSL prior to 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
Wolfssl Wolfssl
5.9
CVSSv3
CVE-2018-16870
It was found that wolfssl prior to 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.
Wolfssl Wolfssl
5.5
CVSSv3
CVE-2016-7438
The C software implementation of ECC in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
5.5
CVSSv3
CVE-2016-7439
The C software implementation of RSA in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
9.8
CVSSv3
CVE-2017-2800
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL up to and including 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, ...
Wolfssl Wolfssl
1 EDB exploit
5.3
CVSSv3
CVE-2020-11735
The private-key operations in ecc.c in wolfSSL prior to 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
Wolfssl Wolfssl
4.7
CVSSv3
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and previous versions (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, ...
Wolfssl Wolfssl
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »