1495 matches found
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from a stack buffer overflow in the PKCS7 SignedData encoding function. When...
PT-2026-26322
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL d2i SSL SESSION function. When deserializing session data with SESSION CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. Version 5.8.4 of wolfSSL contains a security vulnerability. This vulnerability stems from the constant-time masking logic in...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US-based wolfSSL company, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from a heap buffer overflow in the wolfSSLd2iSSLSESSION function. When...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. WolfSSL CyaSSL versions 5.8.4 and earlier contain security vulnerabilities. These vulnerabilities stem from a 1-byte out-of-bounds hea...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. Versions of wolfSSL CyaSSL 5.8.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from out-of-bounds...
PT-2026-26313
Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl DecodePacket. The underflow wraps a 16-bit length to a large...
PT-2026-26349
Stack Buffer Overflow in wc HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...
PT-2026-26338
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVE ALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process cras...
PT-2026-26339
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...
PT-2026-26366
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key share extension,...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US company wolfSSL, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from integer overflow in the static function wolfssladdtochain. This...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL CyaSSL has security vulnerabilities; these vulnerabilities stem from two buffer overflow vulnerabilities in the CRL parser’s...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL. This vulnerability stems from a protection mechanism that fails in the post-quantum...
PT-2026-26321
Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.8.4 Description A flaw existed in the TLS 1.2 server state machine implementation where the server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message was received. This issue...
PT-2026-26312
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc PKCS7 BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available spa...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. Versions of wolfSSL prior to 5.8.4 contained a security vulnerability. This vulnerability stemmed from an integer underflow in the AEA...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. Versions of wolfSSL CyaSSL prior to version 5.8.4 contained security vulnerabilities. These vulnerabilities stemmed from logical...
Linux Distros Unpatched Vulnerability : CVE-2026-3503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker ...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. wolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from the lack of necessary encryption steps in the TLS...