Vulnerabilities > Wolfssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-25 | CVE-2020-11735 | Inadequate Encryption Strength vulnerability in Wolfssl The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | 5.0 |
| 2020-04-12 | CVE-2020-11713 | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 5.0 |
| 2020-01-28 | CVE-2014-2898 | Out-of-bounds Read vulnerability in Wolfssl wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. | 7.5 |
| 2020-01-28 | CVE-2014-2897 | Out-of-bounds Read vulnerability in Wolfssl The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. | 7.5 |
| 2020-01-28 | CVE-2014-2896 | Out-of-bounds Read vulnerability in Wolfssl The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read. | 7.5 |
| 2019-12-25 | CVE-2019-19963 | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. network wolfssl | 4.3 |
| 2019-12-25 | CVE-2019-19962 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wolfssl wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 5.0 |
| 2019-12-25 | CVE-2019-19960 | Unspecified vulnerability in Wolfssl In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. network wolfssl | 4.3 |
| 2019-12-11 | CVE-2019-14317 | Missing Encryption of Sensitive Data vulnerability in Wolfssl wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. | 4.3 |
| 2019-11-21 | CVE-2014-2904 | Improper Authentication vulnerability in Wolfssl wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | 5.0 |