Vulnerabilities > Wolfssl

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-2881 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-29 CVE-2024-1543 Information Exposure Through Discrepancy vulnerability in Wolfssl
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution.
local
low complexity
wolfssl CWE-203
5.5
2024-08-29 CVE-2024-1545 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-27 CVE-2024-5991 Out-of-bounds Read vulnerability in Wolfssl
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
network
low complexity
wolfssl CWE-125
7.5
2024-02-09 CVE-2023-6935 Information Exposure Through Discrepancy vulnerability in Wolfssl
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack.
network
high complexity
wolfssl CWE-203
5.9
2023-07-17 CVE-2023-3724 Improper Certificate Validation vulnerability in Wolfssl
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret.
network
low complexity
wolfssl CWE-295
8.8
2022-11-07 CVE-2022-42905 Out-of-bounds Read vulnerability in Wolfssl
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes.
network
low complexity
wolfssl CWE-125
critical
9.1
2022-10-15 CVE-2022-42961 Unspecified vulnerability in Wolfssl
An issue was discovered in wolfSSL before 5.5.0.
network
low complexity
wolfssl
5.3
2022-09-29 CVE-2022-39173 Out-of-bounds Write vulnerability in Wolfssl
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake.
network
low complexity
wolfssl CWE-787
7.5
2022-09-02 CVE-2021-44718 Infinite Loop vulnerability in Wolfssl
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position.
network
high complexity
wolfssl CWE-835
5.9