Vulnerabilities > Wolfssl
|2021-07-21||CVE-2021-37155|| Unspecified vulnerability in Wolfssl 4.6.0 |
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
| 7.5 |
|2021-07-14||CVE-2021-24116|| Information Exposure Through Discrepancy vulnerability in Wolfssl |
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
| 4.0 |
|2021-01-29||CVE-2021-3336|| Improper Certificate Validation vulnerability in Wolfssl |
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).
| 6.8 |
|2021-01-06||CVE-2020-36177|| Out-Of-Bounds Write vulnerability in Wolfssl |
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
| 10.0 |
|2020-08-24||CVE-2020-24613|| Improper Certificate Validation vulnerability in Wolfssl |
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c.
| 4.9 |
|2020-08-21||CVE-2020-24585|| Unspecified vulnerability in Wolfssl |
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0.
| 5.0 |
|2020-08-21||CVE-2020-15309|| Race Condition vulnerability in Wolfssl |
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed.
| 6.9 |
|2020-08-21||CVE-2020-12457|| Improper Input Validation vulnerability in Wolfssl |
An issue was discovered in wolfSSL before 4.5.0.
| 5.0 |
|2020-06-25||CVE-2020-11735|| Inadequate Encryption Strength vulnerability in Wolfssl |
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
| 5.0 |
|2020-04-12||CVE-2020-11713|| USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Wolfssl 4.3.0 |
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
| 5.0 |