Vulnerabilities > Wolfssl > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-2881 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-29 CVE-2024-1545 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-27 CVE-2024-5991 Out-of-bounds Read vulnerability in Wolfssl
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
network
low complexity
wolfssl CWE-125
7.5
2023-07-17 CVE-2023-3724 Improper Certificate Validation vulnerability in Wolfssl
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret.
network
low complexity
wolfssl CWE-295
8.8
2022-09-29 CVE-2022-39173 Out-of-bounds Write vulnerability in Wolfssl
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake.
network
low complexity
wolfssl CWE-787
7.5
2022-08-31 CVE-2022-38152 Improper Check for Unusual or Exceptional Conditions vulnerability in Wolfssl
An issue was discovered in wolfSSL before 5.5.0.
network
low complexity
wolfssl CWE-754
7.5
2022-02-24 CVE-2022-25640 Improper Certificate Validation vulnerability in Wolfssl
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication.
network
low complexity
wolfssl CWE-295
7.5
2021-07-21 CVE-2021-37155 Unspecified vulnerability in Wolfssl 4.6.0
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
network
low complexity
wolfssl
7.5
2020-08-21 CVE-2020-15309 Race Condition vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed.
local
high complexity
wolfssl CWE-362
7.0
2020-01-28 CVE-2014-2898 Out-of-bounds Read vulnerability in Wolfssl
wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
network
low complexity
wolfssl CWE-125
7.5