VYPR

wolfcrypt

by WolfSSL

Source repositories

CVEs (5)

  • CVE-2024-2881MedAug 30, 2024
    risk 0.44cvss 6.7epss 0.00

    Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer…

  • CVE-2019-14317MedDec 11, 2019
    risk 0.35cvss 5.3epss 0.02

    wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the…

  • CVE-2026-3503MedMar 19, 2026
    risk 0.27cvss 5.2epss 0.00

    Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect…

  • CVE-2026-4395Mar 19, 2026
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path…

  • CVE-2024-1545MedAug 29, 2024
    risk 0.00cvss 5.9epss 0.01

    Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault…