Vulnerabilities > Wolfssl > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-21 | CVE-2020-12457 | Infinite Loop vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0. | 7.5 |
| 2020-04-12 | CVE-2020-11713 | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 7.5 |
| 2019-12-25 | CVE-2019-19962 | Improper Verification of Cryptographic Signature vulnerability in Wolfssl wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 7.5 |
| 2019-11-21 | CVE-2014-2904 | Improper Authentication vulnerability in Wolfssl wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | 7.5 |
| 2019-11-21 | CVE-2014-2902 | Improper Certificate Validation vulnerability in Wolfssl wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | 7.5 |
| 2019-11-21 | CVE-2014-2901 | Improper Certificate Validation vulnerability in Wolfssl wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | 7.5 |
| 2019-11-09 | CVE-2019-18840 | Out-of-bounds Write vulnerability in Wolfssl 4.1.0/4.2.0/4.2.0C In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. | 7.5 |
| 2017-05-09 | CVE-2017-8855 | Unspecified vulnerability in Wolfssl wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | 7.5 |
| 2017-05-09 | CVE-2017-8854 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wolfssl wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | 7.8 |
| 2016-01-22 | CVE-2015-6925 | Resource Management Errors vulnerability in Wolfssl wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. | 7.5 |