CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2020/01/28 4:15 p.m.•25 views

CVE-2014-2898

wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSLread function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure...

9.8CVSS9.8AI score0.0277EPSS

NVD•added 2020/01/28 4:15 p.m.•19 views

CVE-2014-2897

The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read...

9.8CVSS9.5AI score0.0277EPSS

Prion•added 2020/01/28 4:15 p.m.•19 views

Memory corruption

The DoAlert function in the 1 TLS and 2 DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read...

7.5CVSS7.8AI score0.0277EPSS

Prion•added 2020/01/28 4:15 p.m.•17 views

Out-of-bounds

7.5CVSS7.4AI score0.0277EPSS

Prion•added 2020/01/28 4:15 p.m.•18 views

Out-of-bounds

7.5CVSS7.7AI score0.0277EPSS

CVE•added 2020/01/28 3:42 p.m.•48 views

CVE-2014-2898

wolfSSL CyaSSL before 2.9.4 is affected by an out-of-bounds read in CyaSSL_read triggered when an error occurs, due to not checking the return code and MAC verification failure. Vulnerable component: CyaSSL_read (wolfSSL/CyaSSL). Impact: remote attackers could cause unspecified effects; the CVE n...

9.8CVSS9.7AI score0.0277EPSS

Cvelist•added 2020/01/28 3:42 p.m.•34 views

CVE-2014-2898

9.8AI score0.0277EPSS

CVE•added 2020/01/28 3:41 p.m.•40 views

CVE-2014-2897

The CVE-2014-2897 issue affects wolfSSL/CyaSSL 2.5.0 prior to 2.9.4 where the SSL 3 HMAC padding length is not checked on verification, enabling a remote attacker to trigger an out-of-bounds read via a crafted HMAC. This is a network-accessible vulnerability with potential confidentiality, integr...

9.8CVSS9.5AI score0.0277EPSS

Cvelist•added 2020/01/28 3:41 p.m.•25 views

CVE-2014-2896

10AI score0.0277EPSS

CVE•added 2020/01/28 3:41 p.m.•47 views

CVE-2014-2896

The DoAlert function in wolfSSL/CyaSSL TLS and DTLS implementations is affected by CVE-2014-2896 prior to version 2.9.4. The vulnerability allows remote attackers to trigger memory corruption or an out-of-bounds read over the network, with the impact described as unspecified in the primary entry....

9.8CVSS9.8AI score0.0277EPSS

OSV•added 2019/12/25 12:15 a.m.•17 views

CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

7.5CVSS7.1AI score

OSV•added 2019/12/25 12:15 a.m.•3 views

DEBIAN-CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

7.5CVSS7.3AI score0.00904EPSS

NVD•added 2019/12/25 12:15 a.m.•14 views

CVE-2019-19960

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

5.3CVSS5.3AI score0.00955EPSS

NVD•added 2019/12/25 12:15 a.m.•9 views

CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

7.5CVSS7.6AI score0.00904EPSS

NVD•added 2019/12/25 12:15 a.m.•17 views

CVE-2019-19963

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

5.3CVSS5.2AI score0.00955EPSS

OSV•added 2019/12/25 12:15 a.m.•3 views

DEBIAN-CVE-2019-19963

5.3CVSS5.7AI score0.00955EPSS

OSV•added 2019/12/25 12:15 a.m.•1 views

DEBIAN-CVE-2019-19960

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

5.3CVSS6AI score0.00955EPSS