Vulnerabilities > Wolfssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-14317 | Insufficient Entropy vulnerability in Wolfssl wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. | 5.3 |
| 2019-11-21 | CVE-2014-2904 | Improper Authentication vulnerability in Wolfssl wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | 7.5 |
| 2019-11-21 | CVE-2014-2902 | Improper Certificate Validation vulnerability in Wolfssl wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | 7.5 |
| 2019-11-21 | CVE-2014-2901 | Improper Certificate Validation vulnerability in Wolfssl wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | 7.5 |
| 2019-11-09 | CVE-2019-18840 | Out-of-bounds Write vulnerability in Wolfssl 4.1.0/4.2.0/4.2.0C In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. | 7.5 |
| 2019-10-03 | CVE-2019-13628 | Information Exposure Through Discrepancy vulnerability in Wolfssl wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. | 4.7 |
| 2019-09-24 | CVE-2019-16748 | Out-of-bounds Read vulnerability in Wolfssl In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. | 9.8 |
| 2019-08-26 | CVE-2019-15651 | Out-of-bounds Read vulnerability in Wolfssl 4.1.0 wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. | 9.8 |
| 2019-05-23 | CVE-2019-11873 | Out-of-bounds Write vulnerability in Wolfssl 4.0 wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. | 9.8 |
| 2019-01-16 | CVE-2019-6439 | Out-of-bounds Write vulnerability in Wolfssl examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. | 9.8 |