133 matches found
DEBIAN-CVE-2020-15309
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...
wolfSSL encryption issue vulnerability (CNVD-2020-50525)
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in the ecc.c file in wolfSSL versions prior to 4.4.0. No details of the vulnerability are provided at th...
CVE-2019-19960
In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...
wolfSSL encryption issue vulnerability
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in wolfSSL versions prior to 4.3.0 that stems from the program failing to properly handle calls to the...
Unspecified vulnerability in wolfSSL (CNVD-2020-01644)
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in the 'wceccmulmodex' function in wolfSSL versions prior to 4.3.0, which can be exploited by an attacke...
CVE-2014-2901
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname...
CVE-2019-15651
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASNBOOLEAN byte is mishandled for a crafted DER certificate in GetLengthex...
UBUNTU-CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...
wolfSSL Buffer Overflow Vulnerability
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A buffer overflow vulnerability exists in wolfSSL versions prior to 3.10.2. An attacker can exploit this vulnerability to execute...
WolfSSL Denial of Service Vulnerability
WolfSSL formerly known as CyaSSL is the United States WolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in WolfSSL versions prior to 3.6.8. A remote attacker can exploit this vulnerability to cause a denial o...
DEBIAN-CVE-2015-7744
wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
CVE-2015-7744
wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
CVE-2015-6925
wolfSSL formerly CyaSSL before 3.6.8 allows remote attackers to cause a denial of service resource consumption or traffic amplification via a crafted DTLS cookie in a ClientHello message...