CVE-2026-3547
CVE-2026-3547 concerns wolfSSL before or including version 5.8.4, where an out-of-bounds read can occur in ALPN parsing due to incomplete validation when ALPN is enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list may trigger a crash, causing a denial of service. ALPN is disabled by...
CVE-2026-2645
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...
CVE-2025-13912 Potential non-constant time compiled code with Clang LLVM
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...
CVE-2025-11934
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example, when a client sends ECDSA P521 as the supported signature algorithm the server previously...
CVE-2025-11933
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...
EUVD-2021-25039
Malware in sbrugna...
EUVD-2024-17290
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-11873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a craft...
Linux Distros Unpatched Vulnerability : CVE-2019-6439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - examples/benchmark/tlsbench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. CVE-2019-6439 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2019-15651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a...
PT-2025-30103
Name of the Vulnerable Software and Affected Versions: wolfSSL version 5.8.2 Description: In wolfSSL release 5.8.2, blinding support is enabled by default for Curve25519 in applicable builds. This feature provides an additional layer of protection against side-channel attacks aimed at extracting a...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
Linux Distros Unpatched Vulnerability : CVE-2024-1543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a...
PT-2024-22582 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: WolfSSL versions 5.6.6 and earlier Description: The issue is related to a Fault Injection vulnerability in the wc_ed25519_sign_msg function in WolfSSL, which affects the ed25519 key structure. This vulnerability allows a remote attacker...
PT-2024-18128
Name of the Vulnerable Software and Affected Versions: WolfSSL version 5.6.6 Description: A Fault Injection vulnerability in the RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c allows a remote attacker co-residing in the same system with a victim process to disclose information and...
CVE-2019-19962
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography...
CVE-2014-2901
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname...