CVE-2020-15309
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...
CVE-2020-12457
The vulnerability CVE-2020-12457 affects wolfSSL prior to 4.5.0. It mishandles the ChangeCipherSpec (CCS) processing for TLS 1.3, allowing an attacker to craft CCS messages (more than one in a row) that cause the server to stall in the ProcessReply() loop, resulting in a denial of service. The is...
CVE-2020-12457
An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply loop, i.e., a denial of...
CVE-2020-24585
The CVE-2020-24585 entry concerns wolfSSL’s DTLS handshake prior to version 4.5.0, where Clear DTLS application_data messages in epoch 0 do not trigger an out‑of‑order error but are instead returned to the application. Affected component is the DTLS handshake implementation in wolfSSL before 4.5....
CVE-2020-24585
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application...
PT-2020-14347 · Wolfssl · Wolfssl
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 4.5.0 Description: An issue allows local attackers to conduct a cache-timing attack against public key operations. This could potentially expose sensitive information if the affected system has been used for private...
wolfSSL encryption issue vulnerability (CNVD-2020-50525)
wolfSSL (formerly known as CyaSSL) is a small, portable embedded SSL programming library from the US company wolfSSL, aimed at embedded systems developers. A security vulnerability exists in the ecc.c file in wolfSSL versions prior to 4.4.0. No details of the vulnerability are provided at th...
Timing Attack
wolfssl.native is vulnerable to a timing attack. Operations involving a private key, such as key generation or signing in ecc.c, fail to use a constant-time modular inverse when mapping to affine coordinates, leaking sensitive coordinates when an attacker can take advantage of timing variations in...
CVE-2020-11735
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."...
DEBIAN-CVE-2020-11735
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."...
UBUNTU-CVE-2020-11735
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."...
CVE-2020-11735
The CVE-2020-11735 issue affects wolfSSL’s ECC implementation (ecc.c) in versions prior to 4.4.0, where private-key operations do not use a constant-time modular inverse when mapping to affine coordinates, causing a projective coordinates leak. This is treated as a timing-related vulnerability af...
CVE-2019-9498
A flaw was found in wpa_supplicant. An attack using invalid scalar/element values is possible against the EAP-pwd server since hostapd and wpa_supplicant did not validate these values in the received EAP-pwd-Commit messages. When processing an EAP-pwd Commit frame, the peer's scalar and element...
wolfSSL encryption issue vulnerability (CNVD-2020-22973)
wolfSSL (formerly known as CyaSSL) is a small, portable embedded SSL programming library from the US company wolfSSL, aimed at embedded systems developers. A security vulnerability exists in the wc_ecc_mulmod_ex function in the ecc.c file in wolfSSL version 4.3.0. An attacker can exploit this...