Vulnerabilities > Wolfssl > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-2881 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-29 CVE-2024-1545 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-27 CVE-2024-5991 Out-of-bounds Read vulnerability in Wolfssl
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
network
low complexity
wolfssl CWE-125
7.5
2023-07-17 CVE-2023-3724 Improper Certificate Validation vulnerability in Wolfssl
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret.
network
low complexity
wolfssl CWE-295
8.8
2022-09-29 CVE-2022-39173 Out-of-bounds Write vulnerability in Wolfssl
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake.
network
low complexity
wolfssl CWE-787
7.5
2022-08-31 CVE-2022-38152 Improper Check for Unusual or Exceptional Conditions vulnerability in Wolfssl
An issue was discovered in wolfSSL before 5.5.0.
network
low complexity
wolfssl CWE-754
7.5
2022-08-08 CVE-2022-34293 Unspecified vulnerability in Wolfssl
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.
network
low complexity
wolfssl
7.5
2022-02-24 CVE-2022-25640 Improper Certificate Validation vulnerability in Wolfssl
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication.
network
low complexity
wolfssl CWE-295
7.5
2021-01-29 CVE-2021-3336 Improper Certificate Validation vulnerability in Wolfssl
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).
network
high complexity
wolfssl CWE-295
8.1
2020-08-21 CVE-2020-15309 Race Condition vulnerability in Wolfssl
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed.
local
high complexity
wolfssl CWE-362
7.0