Vulnerabilities > Wolfssl

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-36177 Out-Of-Bounds Write vulnerability in Wolfssl
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
network
low complexity
wolfssl CWE-787
critical
10.0
2020-08-24 CVE-2020-24613 Improper Certificate Validation vulnerability in Wolfssl
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c.
network
wolfssl CWE-295
4.9
2020-08-21 CVE-2020-24585 Unspecified vulnerability in Wolfssl
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0.
network
low complexity
wolfssl
5.0
2020-08-21 CVE-2020-15309 Race Condition vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed.
6.9
2020-08-21 CVE-2020-12457 Improper Input Validation vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0.
network
low complexity
wolfssl CWE-20
5.0
2020-06-25 CVE-2020-11735 Inadequate Encryption Strength vulnerability in Wolfssl
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
network
low complexity
wolfssl CWE-326
5.0
2020-04-12 CVE-2020-11713 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Wolfssl 4.3.0
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
network
low complexity
wolfssl CWE-327
5.0
2020-01-28 CVE-2014-2898 Out-Of-Bounds Read vulnerability in Wolfssl
wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
network
low complexity
wolfssl CWE-125
7.5
2020-01-28 CVE-2014-2897 Out-Of-Bounds Read vulnerability in Wolfssl
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
network
low complexity
wolfssl CWE-125
7.5
2020-01-28 CVE-2014-2896 Out-Of-Bounds Read vulnerability in Wolfssl
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
network
low complexity
wolfssl CWE-125
7.5