Vulnerabilities > Wolfssl
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-21 | CVE-2020-15309 | Race Condition vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. | 7.0 |
2020-08-21 | CVE-2020-12457 | Infinite Loop vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0. | 7.5 |
2020-06-25 | CVE-2020-11735 | Information Exposure Through Discrepancy vulnerability in Wolfssl The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | 5.3 |
2020-04-12 | CVE-2020-11713 | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 7.5 |
2020-01-28 | CVE-2014-2898 | Out-of-bounds Read vulnerability in Wolfssl wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. | 9.8 |
2020-01-28 | CVE-2014-2897 | Out-of-bounds Read vulnerability in Wolfssl The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. | 9.8 |
2020-01-28 | CVE-2014-2896 | Out-of-bounds Read vulnerability in Wolfssl The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read. | 9.8 |
2019-12-25 | CVE-2019-19963 | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. | 5.3 |
2019-12-25 | CVE-2019-19962 | Improper Verification of Cryptographic Signature vulnerability in Wolfssl wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 7.5 |
2019-12-25 | CVE-2019-19960 | Unspecified vulnerability in Wolfssl In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | 5.3 |