Vulnerabilities > Wolfssl > Wolfssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-21 | CVE-2021-37155 | Unspecified vulnerability in Wolfssl 4.6.0 wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. | 7.5 |
| 2021-07-14 | CVE-2021-24116 | Information Exposure Through Discrepancy vulnerability in Wolfssl In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.0 |
| 2021-01-29 | CVE-2021-3336 | Improper Certificate Validation vulnerability in Wolfssl DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). | 6.8 |
| 2021-01-06 | CVE-2020-36177 | Out-of-bounds Write vulnerability in Wolfssl RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. | 10.0 |
| 2020-08-24 | CVE-2020-24613 | Improper Certificate Validation vulnerability in Wolfssl wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. | 4.9 |
| 2020-08-21 | CVE-2020-24585 | Unspecified vulnerability in Wolfssl An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. | 5.0 |
| 2020-08-21 | CVE-2020-15309 | Race Condition vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. | 7.0 |
| 2020-08-21 | CVE-2020-12457 | Improper Input Validation vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.5.0. | 5.0 |
| 2020-06-25 | CVE-2020-11735 | Inadequate Encryption Strength vulnerability in Wolfssl The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | 5.0 |
| 2020-04-12 | CVE-2020-11713 | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 5.0 |