Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfssl wolfssl vulnerabilities and exploits
(subscribe to this query)
607
VMScore
CVE-2021-3336
DoTls13CertificateVerify in tls13.c in wolfSSL prior to 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers ca...
Wolfssl Wolfssl
7 Github repositories
169
VMScore
CVE-2018-12436
wolfcrypt/src/ecc.c in wolfSSL prior to 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine...
Wolfssl Wolfssl
187
VMScore
CVE-2016-7439
The C software implementation of RSA in wolfSSL (formerly CyaSSL) prior to 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
Wolfssl Wolfssl
357
VMScore
CVE-2021-24116
In wolfSSL up to and including 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) malicious users to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environm...
Wolfssl Wolfssl
445
VMScore
CVE-2020-12457
An issue exists in wolfSSL prior to 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e.,...
Wolfssl Wolfssl
NA
CVE-2021-44718
wolfSSL up to and including 5.0.0 allows an malicious user to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally a...
Wolfssl Wolfssl
668
VMScore
CVE-2014-2896
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
Wolfssl Wolfssl
668
VMScore
CVE-2014-2897
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 prior to 2.9.4 does not check the padding length when verification fails, which allows remote malicious users to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
Wolfssl Wolfssl
668
VMScore
CVE-2014-2898
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
Wolfssl Wolfssl
445
VMScore
CVE-2014-2901
wolfssl prior to 3.2.0 does not properly issue certificates for a server's hostname.
Wolfssl Wolfssl
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »