Filtered by vendor Wolfssl
Subscriptions
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15309 | 1 Wolfssl | 1 Wolfssl | 2024-08-04 | 7.0 High |
| An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). | ||||
| CVE-2020-12457 | 1 Wolfssl | 1 Wolfssl | 2024-08-04 | 7.5 High |
| An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. | ||||
| CVE-2020-11735 | 1 Wolfssl | 1 Wolfssl | 2024-08-04 | 5.3 Medium |
| The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | ||||
| CVE-2020-11713 | 1 Wolfssl | 1 Wolfssl | 2024-08-04 | 7.5 High |
| wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | ||||
| CVE-2021-45937 | 1 Wolfssl | 1 Wolfmqtt | 2024-08-04 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect). | ||||
| CVE-2021-45936 | 1 Wolfssl | 1 Wolfmqtt | 2024-08-04 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType). | ||||
| CVE-2021-45932 | 1 Wolfssl | 1 Wolfmqtt | 2024-08-04 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket). | ||||
| CVE-2021-45934 | 1 Wolfssl | 1 Wolfmqtt | 2024-08-04 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType). | ||||
| CVE-2021-45933 | 1 Wolfssl | 1 Wolfmqtt | 2024-08-04 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket). | ||||
| CVE-2021-45939 | 1 Wolfssl | 1 Wolfmqtt | 2024-08-04 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe). | ||||
| CVE-2021-45938 | 1 Wolfssl | 1 Wolfmqtt | 2024-08-04 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe). | ||||
| CVE-2021-44718 | 1 Wolfssl | 1 Wolfssl | 2024-08-04 | 5.9 Medium |
| wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. | ||||
| CVE-2021-38597 | 1 Wolfssl | 1 Wolfssl | 2024-08-04 | 5.9 Medium |
| wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | ||||
| CVE-2021-37155 | 1 Wolfssl | 1 Wolfssl | 2024-08-04 | 9.8 Critical |
| wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. | ||||
| CVE-2021-24116 | 1 Wolfssl | 1 Wolfssl | 2024-08-03 | 4.9 Medium |
| In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | ||||
| CVE-2021-3336 | 1 Wolfssl | 1 Wolfssl | 2024-08-03 | 8.1 High |
| DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. | ||||
| CVE-2022-42961 | 1 Wolfssl | 1 Wolfssl | 2024-08-03 | 5.3 Medium |
| An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) | ||||
| CVE-2022-42905 | 1 Wolfssl | 1 Wolfssl | 2024-08-03 | 9.1 Critical |
| In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) | ||||
| CVE-2022-39173 | 1 Wolfssl | 1 Wolfssl | 2024-08-03 | 7.5 High |
| In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. | ||||
| CVE-2022-38153 | 1 Wolfssl | 1 Wolfssl | 2024-08-03 | 5.9 Medium |
| An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | ||||