Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wolfssl
(Wolfssl)| Repositories | https://github.com/wolfSSL/wolfssl |
| #Vulnerabilities | 56 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-12-25 | CVE-2019-19963 | An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. | Wolfssl | N/A | ||
| 2019-12-25 | CVE-2019-19960 | In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | Wolfssl | N/A | ||
| 2019-11-21 | CVE-2014-2904 | wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | Wolfssl | N/A | ||
| 2019-11-21 | CVE-2014-2902 | wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | Wolfssl | N/A | ||
| 2019-11-21 | CVE-2014-2901 | wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | Wolfssl | N/A | ||
| 2019-11-09 | CVE-2019-18840 | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. | Wolfssl | N/A | ||
| 2019-01-03 | CVE-2018-16870 | It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. | Wolfssl | 5.9 | ||
| 2017-12-13 | CVE-2017-13099 | wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." | Instant, Scalance_w1750d_firmware, Wolfssl | 5.9 | ||
| 2019-10-03 | CVE-2019-13628 | wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. | Wolfssl | N/A | ||
| 2019-09-24 | CVE-2019-16748 | In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. | Wolfssl | N/A |