26 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-8720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When...
CVE-2026-6679
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...
UBUNTU-CVE-2026-6679
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...
CVE-2026-6679
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...
PT-2026-52587
Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...
CVE-2026-3547
CVE-2026-3547 concerns wolfSSL before or including version 5.8.4, where an out-of-bounds read can occur in ALPN parsing due to incomplete validation when ALPN is enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list may trigger a crash, causing a denial of service. ALPN is disabled by...
CVE-2026-2645
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...
CVE-2025-13912 Potential non-constant time compiled code with Clang LLVM
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...
CVE-2025-11934
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously...
CVE-2025-11933
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...
CVE-2025-11934
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously...
EUVD-2021-25039
Malware in sbrugna...
EUVD-2024-17290
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-6439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - examples/benchmark/tlsbench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. CVE-2019-6439 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2019-11873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a craft...
Linux Distros Unpatched Vulnerability : CVE-2019-15651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASNBOOLEAN byte is mishandled for a...
PT-2025-30103
Name of the Vulnerable Software and Affected Versions wolfSSL version 5.8.2 Description In wolfSSL release 5.8.2, blinding support is enabled by default for Curve25519 in applicable builds. This feature provides an additional layer of protection against side-channel attacks aimed at extracting a...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
Linux Distros Unpatched Vulnerability : CVE-2024-1543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side- channel attacker with cache-line resolution. In a...
PT-2024-22582 · Wolfssl +1 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: WolfSSL versions 5.6.6 and earlier Description: The issue is related to a Fault Injection vulnerability in the wc ed25519 sign msg function in WolfSSL, which affects the ed25519 key structure. This vulnerability allows a remote attacker...