CVE-2021-3336

DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate. The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3...

CVE-2021-37155

wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...

CVE-2020-12457

An issue was discovered in wolfSSL before 4.5.0. It mishandles the changecipherspec CCS message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply loop, i.e., a denial of...

CVE-2020-36177

RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size...

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

CVE-2020-11713

wolfSSL 4.3.0 has mulmod code in wceccmulmodex in ecc.c that does not properly resist timing side-channel attacks...

CVE-2019-14317

wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...

CVE-2019-13628

wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...

CVE-2019-19963

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

CVE-2019-19960

In wolfSSL before 4.3.0, wceccmulmodex does not properly resist side-channel attacks...

CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

CVE-2017-8855

wolfSSL before 3.11.0 does not prevent wcDhAgree from accepting a malformed DH key...

CVE-2017-8854

wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file...

CVE-2018-12436

wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physic...

CVE-2019-15651

wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASNBOOLEAN byte is mishandled for a crafted DER certificate in GetLengthex...

curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL

Summary: When using wolfSSL as the TLS backend, certificate pinning does not work when using HTTP/3. The code should invoke wsslverifypinned, but it has not been implemented. Affected version curl -V WARNING: this libcurl is Debug-enabled, do not use in production curl 8.13.0 x8664-pc-linux-gnu...

curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Summary: When using WolfSSL as the TLS backend, there is an issue where the CN or SAN in the certificate is not verified when connecting to an IP address over HTTP/3. wolfSSLX509checkhost is only called when peer-sni is not NULL. However, when an IP address is specified, peer-sni is NULL, so the...

Linux Distros Unpatched Vulnerability : CVE-2024-5288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIGFAULT...

Linux Distros Unpatched Vulnerability : CVE-2024-5991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function...

Linux Distros Unpatched Vulnerability : CVE-2024-2881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fault Injection vulnerability in wced25519signmsg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker...