Vulnerabilities > Wolfssl > Wolfssl > 3.14.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-1543 | Information Exposure Through Discrepancy vulnerability in Wolfssl The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. | 5.5 |
| 2024-08-27 | CVE-2024-5288 | Insecure Storage of Sensitive Information vulnerability in Wolfssl An issue was discovered in wolfSSL before 5.7.0. | 5.9 |
| 2024-08-27 | CVE-2024-5991 | Out-of-bounds Read vulnerability in Wolfssl In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. | 7.5 |
| 2024-02-20 | CVE-2023-6936 | Out-of-bounds Read vulnerability in Wolfssl In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging). | 9.1 |
| 2024-02-15 | CVE-2023-6937 | Unspecified vulnerability in Wolfssl wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. | 5.3 |
| 2024-02-09 | CVE-2023-6935 | Information Exposure Through Discrepancy vulnerability in Wolfssl wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. | 5.9 |
| 2023-07-17 | CVE-2023-3724 | Improper Certificate Validation vulnerability in Wolfssl If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. | 8.8 |
| 2022-11-07 | CVE-2022-42905 | Out-of-bounds Read vulnerability in Wolfssl In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. | 9.1 |
| 2022-10-15 | CVE-2022-42961 | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 5.5.0. | 5.3 |
| 2022-09-29 | CVE-2022-39173 | Out-of-bounds Write vulnerability in Wolfssl In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. | 7.5 |