Vulnerabilities > Wolfssl

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2022-39173 Out-of-bounds Write vulnerability in Wolfssl
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake.
network
low complexity
wolfssl CWE-787
7.5
7.5
2022-09-02 CVE-2021-44718 Infinite Loop vulnerability in Wolfssl
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position.
network
high complexity
wolfssl CWE-835
5.9
5.9
2022-08-31 CVE-2022-38153 Allocation of Resources Without Limits or Throttling vulnerability in Wolfssl 5.3.0
An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable.
network
high complexity
wolfssl CWE-770
5.9
5.9
2022-08-31 CVE-2022-38152 Improper Check for Unusual or Exceptional Conditions vulnerability in Wolfssl
An issue was discovered in wolfSSL before 5.5.0.
network
low complexity
wolfssl CWE-754
7.5
7.5
2022-08-08 CVE-2022-34293 Unspecified vulnerability in Wolfssl
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.
network
low complexity
wolfssl
7.5
7.5
2022-02-24 CVE-2022-25638 Improper Certificate Validation vulnerability in Wolfssl
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server.
network
low complexity
wolfssl CWE-295
6.5
6.5
2022-02-24 CVE-2022-25640 Improper Certificate Validation vulnerability in Wolfssl
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication.
network
low complexity
wolfssl CWE-295
7.5
7.5
2022-01-18 CVE-2022-23408 Use of Insufficiently Random Values vulnerability in Wolfssl 5.0.0/5.1.0
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations.
network
low complexity
wolfssl CWE-330
critical
 9.1
9.1
2022-01-01 CVE-2021-45932 Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).
local
low complexity
wolfssl CWE-787
5.5
5.5
2022-01-01 CVE-2021-45933 Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).
local
low complexity
wolfssl CWE-787
5.5
5.5