1489 matches found
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. Remediation Upgrade wolfssl to version 4.8.1 ...
CVE-2021-38597
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension...
UBUNTU-CVE-2021-38597
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension...
Code injection
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension...
CVE-2021-38597
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension...
CVE-2021-38597
CVE-2021-38597 affects wolfSSL before 4.8.1, where OCSP verification can be skipped in certain cases involving unrelated response data containing the NoCheck extension. The vulnerability’s impact is recorded as partial confidentiality exposure (CVSSv2/3.1 base score ~4.3–5.9). Connected sources r...
CVE-2021-38597
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension...
wolfSSL 数据伪造问题漏洞
Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL that stems from incorrectly skipping OCSP validation under certain circumstances containing extraneous...
DEBIAN-CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. Remediation Upgrade wolfssl to version 4.8....
Cross site request forgery (csrf)
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
UBUNTU-CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
CVE-2021-37155
CVE-2021-37155 affects wolfSSL 4.6.x through 4.7.x before 4.8.0, where an OCSP serial-number mismatch does not produce a failure outcome, per multiple sources. The vulnerability is tied to OCSP response handling in the affected wolfSSL versions; the publicly documented impact is a failure in vali...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
CVE-2021-37155
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...
Wolfssl 安全漏洞
Wolfssl CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL version 4.6.x and versions 4.7.x prior to 4.8.0. No information about this vulnerability is available at this...
DEBIAN-CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...