Note: This project will be discontinued after December 13, 2021.
Product: Wolfssl (Wolfssl)

Repositories | https://github.com/wolfSSL/wolfssl |
#Vulnerabilities | 56 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-08-26 | CVE-2019-15651 | wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. | Wolfssl | 9.8 | ||
2019-01-16 | CVE-2019-6439 | examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. | Wolfssl | 9.8 | ||
2018-06-15 | CVE-2018-12436 | wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | Wolfssl | 4.7 | ||
2017-05-09 | CVE-2017-8855 | wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | Wolfssl | 7.5 | ||
2017-05-09 | CVE-2017-8854 | wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | Wolfssl | 7.8 | ||
2017-02-24 | CVE-2017-6076 | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | Wolfssl | 5.5 | ||
2016-12-13 | CVE-2016-7439 | The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | Wolfssl | 5.5 | ||
2016-12-13 | CVE-2016-7438 | The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | Wolfssl | 5.5 | ||
2016-01-22 | CVE-2015-6925 | wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. | Wolfssl | 7.5 | ||
2017-10-06 | CVE-2014-2903 | CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | Wolfssl | 5.9 | ||