Design/Logic Flaw

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

CVE-2019-19963

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

CVE-2019-19960

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

Default configuration

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

Design/Logic Flaw

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

UBUNTU-CVE-2019-19960

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

UBUNTU-CVE-2019-19963

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

UBUNTU-CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

wolfSSL encryption issue vulnerability

wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in wolfSSL versions prior to 4.3.0 that stems from the program failing to properly handle calls to the...

CVE-2019-19960

The CVE-2019-19960 issue affects wolfSSL prior to 4.3.0 where wc_ecc_mulmod_ex does not properly resist side-channel attacks. This is described across multiple sources (e.g., NVD entry; wolfSSL 4.3.0-stable release). The vulnerability impacts confidentiality (as indicated by CVSS 3.1: MEDIUM, bas...

CVE-2019-19960

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

CVE-2019-19960

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

CVE-2019-19962

CVE-2019-19962 affects wolfSSL older than 4.3.0. The vulnerability arises from mishandling calls to wc_SignatureGenerateHash, enabling fault injection in RSA cryptography. Impact per sources is confined to information in the provided documents; no exploitation details are given beyond fault injec...

CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

CVE-2019-19963

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

CVE-2019-19963

wolfSSL before 4.3.0 in a non-default configuration with DSA enabled is vulnerable. DSA signing uses the BEEA algorithm during nonce modular inversion, enabling a side-channel attack on the nonce. Affected: wolfSSL prior to 4.3.0 (non-default DSA). Remediation: upgrade to 4.3.0-stable (or apply v...

CVE-2019-19963

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

Unspecified vulnerability in wolfSSL (CNVD-2020-01645)

wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in wolfSSL versions prior to 4.3.0, which can be exploited by an attacker to perform a side-channel atta...