Vulnerabilities > Wolfssl > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-30 | CVE-2024-2881 | Injection vulnerability in Wolfssl 5.6.6 Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | 8.8 |
| 2024-08-29 | CVE-2024-1545 | Injection vulnerability in Wolfssl 5.6.6 Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | 8.8 |
| 2024-08-27 | CVE-2024-5991 | Out-of-bounds Read vulnerability in Wolfssl In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. | 7.5 |
| 2023-07-17 | CVE-2023-3724 | Improper Certificate Validation vulnerability in Wolfssl If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. | 8.8 |
| 2022-09-29 | CVE-2022-39173 | Out-of-bounds Write vulnerability in Wolfssl In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. | 7.5 |
| 2022-08-31 | CVE-2022-38152 | Improper Check for Unusual or Exceptional Conditions vulnerability in Wolfssl An issue was discovered in wolfSSL before 5.5.0. | 7.5 |
| 2022-08-08 | CVE-2022-34293 | Unspecified vulnerability in Wolfssl wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. | 7.5 |
| 2022-02-24 | CVE-2022-25640 | Improper Certificate Validation vulnerability in Wolfssl In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. | 7.5 |
| 2021-01-29 | CVE-2021-3336 | Improper Certificate Validation vulnerability in Wolfssl DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). | 8.1 |
| 2020-08-21 | CVE-2020-15309 | Race Condition vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. | 7.0 |