Vulnerabilities > Wolfssl > Wolfssl > 5.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-17 | CVE-2023-3724 | Improper Certificate Validation vulnerability in Wolfssl If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. | 8.8 |
2022-11-07 | CVE-2022-42905 | Out-of-bounds Read vulnerability in Wolfssl In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. | 9.1 |
2022-10-15 | CVE-2022-42961 | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 5.5.0. | 5.3 |
2022-09-29 | CVE-2022-39173 | Out-of-bounds Write vulnerability in Wolfssl In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. | 7.5 |
2022-08-31 | CVE-2022-38152 | Improper Check for Unusual or Exceptional Conditions vulnerability in Wolfssl An issue was discovered in wolfSSL before 5.5.0. | 7.5 |