2 matches found
CVE-2014-2897
The CVE-2014-2897 issue affects wolfSSL/CyaSSL 2.5.0 prior to 2.9.4 where the SSL 3 HMAC padding length is not checked on verification, enabling a remote attacker to trigger an out-of-bounds read via a crafted HMAC. This is a network-accessible vulnerability with potential confidentiality, integr...
CVE-2014-2897
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read...