Vulnerabilities > Wolfssl > High

DATE | CVE | VULNERABILITY TITLE | RISK

2020-01-28 | CVE-2014-2897 | Out-of-bounds Read vulnerability in Wolfssl | 7.5
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
network | low complexity | wolfssl | CWE-125

2020-01-28 | CVE-2014-2896 | Out-of-bounds Read vulnerability in Wolfssl | 7.5
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
network | low complexity | wolfssl | CWE-125

2019-09-24 | CVE-2019-16748 | Out-of-bounds Read vulnerability in Wolfssl | 7.5
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking.
network | low complexity | wolfssl | CWE-125

2019-08-26 | CVE-2019-15651 | Out-of-bounds Read vulnerability in Wolfssl 4.1.0 | 7.5
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
network | low complexity | wolfssl | CWE-125

2019-05-23 | CVE-2019-11873 | Out-of-bounds Write vulnerability in Wolfssl 4.0 | 7.5
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size.
network | low complexity | wolfssl | CWE-787

2019-01-16 | CVE-2019-6439 | Out-of-bounds Write vulnerability in Wolfssl | 7.5
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.
network | low complexity | wolfssl | CWE-787