2 matches found
wolfSSL encryption issue vulnerability (CNVD-2020-22973)
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in the wceccmulmodex of the ecc.c file in wolfSSL version 4.3.0. An attacker can exploit this...
User Enumeration
Overview Affected versions of this package are vulnerable to User Enumeration wolfSSL 4.3.0 has mulmod code in wceccmulmodex in ecc.c that does not properly resist timing side-channel attacks. Remediation Upgrade wolfssl to version 5.0.0 or higher. References - GitHub Gist - GitHub PR...