Vulnerabilities > Wolfssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-03 | CVE-2018-16870 | Cryptographic Issues vulnerability in Wolfssl It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. | 5.9 |
| 2018-06-15 | CVE-2018-12436 | Information Exposure vulnerability in Wolfssl wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. | 4.7 |
| 2017-12-13 | CVE-2017-13099 | Information Exposure Through Discrepancy vulnerability in multiple products wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. | 5.9 |
| 2017-10-06 | CVE-2014-2903 | Cryptographic Issues vulnerability in Wolfssl CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | 5.9 |
| 2017-05-24 | CVE-2017-2800 | Improper Certificate Validation vulnerability in Wolfssl A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. | 9.8 |
| 2017-05-09 | CVE-2017-8855 | Unspecified vulnerability in Wolfssl wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | 7.5 |
| 2017-05-09 | CVE-2017-8854 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wolfssl wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | 7.8 |
| 2017-02-24 | CVE-2017-6076 | Information Exposure vulnerability in Wolfssl In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | 5.5 |
| 2016-12-13 | CVE-2016-7440 | The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. | 5.5 |
| 2016-12-13 | CVE-2016-7439 | Cryptographic Issues vulnerability in Wolfssl The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | 5.5 |