Vulnerabilities > Wolfssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-01 | CVE-2021-45934 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType). | 5.5 |
| 2022-01-01 | CVE-2021-45936 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType). | 5.5 |
| 2022-01-01 | CVE-2021-45937 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect). | 5.5 |
| 2022-01-01 | CVE-2021-45938 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe). | 5.5 |
| 2022-01-01 | CVE-2021-45939 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe). | 5.5 |
| 2021-08-12 | CVE-2021-38597 | Insufficient Verification of Data Authenticity vulnerability in Wolfssl wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | 5.9 |
| 2021-07-21 | CVE-2021-37155 | Unspecified vulnerability in Wolfssl 4.6.0/4.7.0 wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. | 9.8 |
| 2021-07-14 | CVE-2021-24116 | Information Exposure Through Discrepancy vulnerability in Wolfssl In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
| 2021-01-29 | CVE-2021-3336 | Improper Certificate Validation vulnerability in Wolfssl DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). | 8.1 |
| 2021-01-06 | CVE-2020-36177 | Out-of-bounds Write vulnerability in Wolfssl RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. | 9.8 |