Linux Distros Unpatched Vulnerability : CVE-2017-13099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover th...

Linux Distros Unpatched Vulnerability : CVE-2020-15309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key...

Linux Distros Unpatched Vulnerability : CVE-2022-25638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the...

Linux Distros Unpatched Vulnerability : CVE-2020-11713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.3.0 has mulmod code in wceccmulmodex in ecc.c that does not properly resist timing side- channel attacks. CVE-2020-11713 Note that Nessus relies on th...

Linux Distros Unpatched Vulnerability : CVE-2019-6439

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - examples/benchmark/tlsbench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. CVE-2019-6439 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2021-3336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior sending an ED22519, ED448, ECC, or RSA...

Linux Distros Unpatched Vulnerability : CVE-2019-11873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a craft...

Linux Distros Unpatched Vulnerability : CVE-2022-42905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buff...

Linux Distros Unpatched Vulnerability : CVE-2019-13628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable- sp-math contain a timing side channel in ECDSA signatu...

Linux Distros Unpatched Vulnerability : CVE-2019-15651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASNBOOLEAN byte is mishandled for a...

Linux Distros Unpatched Vulnerability : CVE-2016-7440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of AES Encryption and Decryption in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover AES keys by...

Linux Distros Unpatched Vulnerability : CVE-2016-7438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit...

Linux Distros Unpatched Vulnerability : CVE-2015-7744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key...

Linux Distros Unpatched Vulnerability : CVE-2017-6076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions of wolfSSL before 3.10.2 the function fpmulcomba makes it easier to extract RSA key information for a malicious user who has access to view cache on...

Linux Distros Unpatched Vulnerability : CVE-2016-7439

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit...

Linux Distros Unpatched Vulnerability : CVE-2017-2800

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation...

Linux Distros Unpatched Vulnerability : CVE-2017-8854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file...

Linux Distros Unpatched Vulnerability : CVE-2018-12436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or...

Linux Distros Unpatched Vulnerability : CVE-2015-6925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL formerly CyaSSL before 3.6.8 allows remote attackers to cause a denial of service resource consumption or traffic amplification via a crafted DTLS cooki...

Linux Distros Unpatched Vulnerability : CVE-2017-8855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL before 3.11.0 does not prevent wcDhAgree from accepting a malformed DH key. CVE-2017-8855 Note that Nessus relies on the presence of the package as...