Filters

WolfSSL wolfsslFault Injection of EdDSA signature in WolfCrypt

8.8
First published (updated )

WolfSSL wolfsslFault Injection of RSA encryption in WolfCrypt

8.8
First published (updated )

WolfSSL wolfsslAES T-Table sub-cache-line leakage

First published (updated )

WolfSSL wolfsslBuffer overread in domain name matching

First published (updated )

WolfSSL wolfsslTLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslIn wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a …

First published (updated )

WolfSSL wolfsslAn issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads…

First published (updated )

WolfSSL wolfsslBuffer Overflow

7.5
First published (updated )

WolfSSL wolfsslwolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the clien…

First published (updated )

WolfSSL wolfsslAn issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, onl…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslAn issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server …

7.5
First published (updated )

WolfSSL wolfsslwolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check f…

7.5
First published (updated )

WolfSSL wolfsslIn wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentic…

7.5
First published (updated )

WolfSSL wolfsslIn wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a…

First published (updated )

WolfSSL wolfsslwolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslwolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant respons…

First published (updated )

WolfSSL wolfsslwolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number i…

First published (updated )

WolfSSL wolfsslIn wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-lev…

First published (updated )

WolfSSL wolfsslDoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain an…

8.1
First published (updated )

WolfSSL wolfsslRsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain rel…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslwolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls…

First published (updated )

WolfSSL wolfsslRace Condition

First published (updated )

WolfSSL wolfsslAn issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message …

7.5
First published (updated )

WolfSSL wolfsslAn issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS app…

First published (updated )

WolfSSL wolfsslThe private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inver…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslwolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side…

7.5
First published (updated )

WolfSSL wolfsslwolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to…

First published (updated )

WolfSSL wolfsslThe SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length …

First published (updated )

WolfSSL wolfsslThe DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allo…

First published (updated )

WolfSSL wolfsslIn wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslwolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA…

7.5
First published (updated )

WolfSSL wolfsslAn issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled.…

First published (updated )

WolfSSL wolfsslwolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This …

First published (updated )

debian/wolfsslwolfssl before 3.2.0 has a server certificate that is not properly authorized for server authenticat…

7.5
First published (updated )

debian/wolfsslwolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslBuffer Overflow

7.5
First published (updated )

pip/wolfcryptwolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --e…

First published (updated )

WolfSSL wolfsslIn wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certif…

First published (updated )

WolfSSL wolfsslwolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/as…

First published (updated )

WolfSSL wolfsslBuffer Overflow

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslBuffer Overflow

First published (updated )

WolfSSL wolfsslInfoleak

First published (updated )

WolfSSL wolfsslInfoleak

First published (updated )

WolfSSL wolfsslwolfSSL Bleichenbacher/ROBOT

7.5
First published (updated )

debian/wolfsslCyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

WolfSSL wolfsslA specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL thro…

First published (updated )

WolfSSL wolfsslBuffer Overflow

7.8
First published (updated )

WolfSSL wolfsslwolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.

7.5
First published (updated )

WolfSSL wolfsslInfoleak

First published (updated )

Mariadb MariadbThe C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203