Vulnerabilities > Wolfssl

DATE CVE VULNERABILITY TITLE RISK
2021-08-12 CVE-2021-38597 Insufficient Verification of Data Authenticity vulnerability in Wolfssl
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
network
wolfssl CWE-345
4.3
2021-07-21 CVE-2021-37155 Unspecified vulnerability in Wolfssl 4.6.0
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
network
low complexity
wolfssl
7.5
2021-07-14 CVE-2021-24116 Information Exposure Through Discrepancy vulnerability in Wolfssl
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
wolfssl CWE-203
4.0
2021-01-29 CVE-2021-3336 Improper Certificate Validation vulnerability in Wolfssl
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).
network
wolfssl CWE-295
6.8
2021-01-06 CVE-2020-36177 Out-of-bounds Write vulnerability in Wolfssl
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
network
low complexity
wolfssl CWE-787
critical
10.0
2020-08-24 CVE-2020-24613 Improper Certificate Validation vulnerability in Wolfssl
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c.
network
wolfssl CWE-295
4.9
2020-08-21 CVE-2020-24585 Unspecified vulnerability in Wolfssl
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0.
network
low complexity
wolfssl
5.0
2020-08-21 CVE-2020-15309 Race Condition vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed.
6.9
2020-08-21 CVE-2020-12457 Improper Input Validation vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0.
network
low complexity
wolfssl CWE-20
5.0
2020-06-25 CVE-2020-11735 Inadequate Encryption Strength vulnerability in Wolfssl
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
network
low complexity
wolfssl CWE-326
5.0