1495 matches found
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. Versions of wolfSSL CyaSSL prior to version 5.8.4 contained security vulnerabilities. These vulnerabilities stemmed from logical...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. wolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from the lack of necessary encryption steps in the TLS...
PT-2026-26368
Heap-based buffer overflow in the KCAPI ECC code path of wc ecc import x963 ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey raw buffer via a crafted oversized EC public key point. The WOLFSSL KCAPI ECC code path copies the input to...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US-based wolfSSL company, designed for developers working with embedded systems. Version 5.8.4 of wolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from a stack buffer overflow issue in...
Linux Distros Unpatched Vulnerability : CVE-2026-3503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker ...
Azure Linux 3.0 Security Update: cmake (CVE-2024-2379)
The version of cmake installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2379 advisory. - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-13912)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-13912 advisory. - Multiple constant-time implementations in wolfSSL before version 5.8.4 May be transformed into...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-13912)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-13912 advisory. - Multiple constant-time implementations in wolfSSL before version 5.8.4 May be transformed into...
CVE-2025-11624
creationtimestamp| type| source ---|---|--- 2026-01-09 17:52:18+00:00| seen| https://bsky.app/profile/wolfssl.com/post/3mbz2rv76u222...
CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
CVE-2022-38153
An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...
CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...
CVE-2019-18840
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location...
GHSA-VJ87-JJ27-4H9C wolfSSL Python module vulnerable to Improper Authentication
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
EUVD-2026-1463
wolfSSL Python module vulnerable to Improper Authentication...
wolfSSL Python module vulnerable to Improper Authentication
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
DEBIAN-CVE-2025-15346
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
CVE-2025-15346
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
CVE-2025-15346
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
wolfssl-py 安全漏洞
wolfssl-py is an open source Python packaging tool from wolfSSL. A security vulnerability exists in wolfssl-py version 5.8.2 and earlier that stems from not fully enforcing client certificate requirements, which could lead to improper authentication and bypassing mutual TLS client authentication...