Vulnerabilities > Wolfssl > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-08-21 | CVE-2020-12457 | Infinite Loop vulnerability in Wolfssl | An issue was discovered in wolfSSL before 4.5.0. | network, low complexity, wolfssl CWE-835, 7.5 |
| 2020-04-12 | CVE-2020-11713 | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 | wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | network, low complexity, wolfssl CWE-203, 7.5 |
| 2019-12-25 | CVE-2019-19962 | Improper Verification of Cryptographic Signature vulnerability in Wolfssl | wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | network, low complexity, wolfssl CWE-347, 7.5 |
| 2019-11-21 | CVE-2014-2904 | Improper Authentication vulnerability in Wolfssl | wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | network, low complexity, wolfssl CWE-287, 7.5 |
| 2019-11-21 | CVE-2014-2902 | Improper Certificate Validation vulnerability in Wolfssl | wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | network, low complexity, wolfssl CWE-295, 7.5 |
| 2019-11-21 | CVE-2014-2901 | Improper Certificate Validation vulnerability in Wolfssl | wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | network, low complexity, wolfssl CWE-295, 7.5 |
| 2019-11-09 | CVE-2019-18840 | Out-of-bounds Write vulnerability in Wolfssl 4.1.0/4.2.0/4.2.0C | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. | network, low complexity, wolfssl CWE-787, 7.5 |
| 2017-05-09 | CVE-2017-8855 | Unspecified vulnerability in Wolfssl | wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | network, low complexity, wolfssl, 7.5 |
| 2017-05-09 | CVE-2017-8854 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wolfssl | wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | local, low complexity, wolfssl CWE-119, 7.8 |
| 2016-01-22 | CVE-2015-6925 | Resource Management Errors vulnerability in Wolfssl | wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. | network, low complexity, wolfssl CWE-399, 7.5 |