Vulnerabilities > Wolfssl > Wolfssl > 3.9.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-14 | CVE-2021-24116 | Information Exposure Through Discrepancy vulnerability in Wolfssl In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.0 |
2021-01-29 | CVE-2021-3336 | Improper Certificate Validation vulnerability in Wolfssl DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). | 6.8 |
2021-01-06 | CVE-2020-36177 | Out-of-bounds Write vulnerability in Wolfssl RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. | 10.0 |
2020-08-24 | CVE-2020-24613 | Improper Certificate Validation vulnerability in Wolfssl wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. | 4.9 |
2020-08-21 | CVE-2020-24585 | Unspecified vulnerability in Wolfssl An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. | 5.0 |
2020-08-21 | CVE-2020-15309 | Race Condition vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. | 7.0 |
2020-08-21 | CVE-2020-12457 | Improper Input Validation vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0. | 5.0 |
2020-06-25 | CVE-2020-11735 | Inadequate Encryption Strength vulnerability in Wolfssl The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | 5.0 |
2019-12-25 | CVE-2019-19963 | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. network wolfssl | 4.3 |
2019-12-25 | CVE-2019-19962 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wolfssl wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 5.0 |