Wolfssl
by WolfSSL
CVEs (116)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12457 | | | 0.00 | — | 0.02 | | Aug 21, 2020 | An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply()… |
| CVE-2020-24585 | | | 0.00 | — | 0.01 | | Aug 21, 2020 | An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. |
| CVE-2020-11735 | | | 0.00 | — | 0.01 | | Jun 25, 2020 | The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." |
| CVE-2020-11713 | | | 0.00 | — | 0.02 | | Apr 12, 2020 | wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. |
| CVE-2019-19960 | | | 0.00 | — | 0.01 | | Dec 24, 2019 | In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. |
| CVE-2019-19962 | | | 0.00 | — | 0.01 | | Dec 24, 2019 | wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. |
| CVE-2019-19963 | | | 0.00 | — | 0.01 | | Dec 24, 2019 | An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. |
| CVE-2019-14317 | | | 0.00 | — | 0.02 | | Dec 11, 2019 | wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the… |
| CVE-2014-2904 | | | 0.00 | — | 0.01 | | Nov 21, 2019 | wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. |
| CVE-2014-2901 | | | 0.00 | — | 0.01 | | Nov 21, 2019 | wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. |
| CVE-2019-18840 | | | 0.00 | — | 0.02 | | Nov 9, 2019 | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the… |
| CVE-2019-16748 | | | 0.00 | — | 0.01 | | Sep 24, 2019 | In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. |
| CVE-2019-15651 | | | 0.00 | — | 0.01 | | Aug 26, 2019 | wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. |
| CVE-2019-6439 | | | 0.00 | — | 0.03 | | Jan 16, 2019 | examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. |
| CVE-2018-16870 | | | 0.00 | — | 0.02 | | Jan 3, 2019 | It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. |
| CVE-2018-12436 | | Med | 0.00 | 4.7 | 0.00 | | Jun 15, 2018 | wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine… |