Vulnerabilities > Wolfssl > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-01 | CVE-2021-45937 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect). | 5.5 |
| 2022-01-01 | CVE-2021-45938 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe). | 5.5 |
| 2022-01-01 | CVE-2021-45939 | Out-of-bounds Write vulnerability in Wolfssl Wolfmqtt 1.9 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe). | 5.5 |
| 2021-08-12 | CVE-2021-38597 | Insufficient Verification of Data Authenticity vulnerability in Wolfssl wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | 5.9 |
| 2021-07-14 | CVE-2021-24116 | Information Exposure Through Discrepancy vulnerability in Wolfssl In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
| 2020-08-24 | CVE-2020-24613 | Improper Certificate Validation vulnerability in Wolfssl wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. | 6.8 |
| 2020-08-21 | CVE-2020-24585 | Unspecified vulnerability in Wolfssl An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. | 5.3 |
| 2020-06-25 | CVE-2020-11735 | Information Exposure Through Discrepancy vulnerability in Wolfssl The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | 5.3 |
| 2019-12-25 | CVE-2019-19963 | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. | 5.3 |
| 2019-12-25 | CVE-2019-19960 | Unspecified vulnerability in Wolfssl In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | 5.3 |