Vulnerabilities > Wolfssl

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-15309 Race Condition vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed.
local
high complexity
wolfssl CWE-362
7.0
2020-08-21 CVE-2020-12457 Infinite Loop vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0.
network
low complexity
wolfssl CWE-835
7.5
2020-06-25 CVE-2020-11735 Information Exposure Through Discrepancy vulnerability in Wolfssl
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
network
low complexity
wolfssl CWE-203
5.3
2020-04-12 CVE-2020-11713 Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
network
low complexity
wolfssl CWE-203
7.5
2020-01-28 CVE-2014-2898 Out-of-bounds Read vulnerability in Wolfssl
wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
network
low complexity
wolfssl CWE-125
critical
9.8
2020-01-28 CVE-2014-2897 Out-of-bounds Read vulnerability in Wolfssl
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
network
low complexity
wolfssl CWE-125
critical
9.8
2020-01-28 CVE-2014-2896 Out-of-bounds Read vulnerability in Wolfssl
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
network
low complexity
wolfssl CWE-125
critical
9.8
2019-12-25 CVE-2019-19963 Unspecified vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled.
network
low complexity
wolfssl
5.3
2019-12-25 CVE-2019-19962 Improper Verification of Cryptographic Signature vulnerability in Wolfssl
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
network
low complexity
wolfssl CWE-347
7.5
2019-12-25 CVE-2019-19960 Unspecified vulnerability in Wolfssl
In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
network
low complexity
wolfssl
5.3