133 matches found
CVE-2026-2645
CVE-2026-2645 concerns wolfSSL’s TLS 1.2 server state machine: in 5.8.2 and earlier a logic flaw could allow accepting a CertificateVerify before ClientKeyExchange. The issue affects wolfSSL versions before 5.8.4; 5.8.4 detects the problem later in the handshake, while 5.9.0 hardened to catch it ...
PT-2026-26338
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVE ALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process cras...
Linux Distros Unpatched Vulnerability : CVE-2026-3580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This...
CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
CVE-2022-38153
An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...
CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...
Linux Distros Unpatched Vulnerability : CVE-2025-13912
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non- constant-time binary by LLVM optimizations, which can...
CVE-2025-11933
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...
CVE-2025-11936
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...
EUVD-2025-198525
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...
Linux Distros Unpatched Vulnerability : CVE-2025-11934
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for...
Linux Distros Unpatched Vulnerability : CVE-2025-11933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to...
CVE-2025-11933
CVE-2025-11933 describes an issue in wolfSSL up to version 5.8.2 where improper input validation in the TLS 1.3 CKS extension parsing can allow a remote unauthenticated attacker to cause a denial‑of‑service with a crafted ClientHello containing duplicate CKS extensions. Affected software is wolfS...
CVE-2025-11934
CVE-2025-11934 concerns wolfSSL’s TLS 1.3 CertificateVerify signature algorithm negotiation. The vulnerability stems from improper input validation that can downgrade the negotiated signature algorithm (e.g., client supports ECDSA P521 but server accepts and uses ECDSA P256), potentially weakenin...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL CyaSSL versions 5.8.2 and earlier, which stems from improper validation of the TLS 1.3 CertificateVerify...
EUVD-2019-9551
Malware in sbrugna...
EUVD-2019-5541
Malware in sbrugna...
EUVD-2021-26667
Malware in sbrugna...
EUVD-2015-7644
Malware in sbrugna...
EUVD-2020-23755
Malware in sbrugna...