CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1490 matches found

UbuntuCve•added 2024/02/09 11:15 p.m.•179 views

CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

5.9CVSS6.1AI score0.00539EPSS

Exploits0References2

Prion•added 2024/02/09 11:15 p.m.•10 views

Code injection

2.6CVSS7AI score0.00539EPSS

Exploits0References2

OSV•added 2024/02/09 11:15 p.m.•0 views

UBUNTU-CVE-2023-6935

5.9CVSS6.2AI score0.00539EPSS

Exploits0References3

Vulnrichment•added 2024/02/09 10:25 p.m.•93 views

CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA

5.9CVSS6.6AI score0.00539EPSS

Exploits0References2

Cvelist•added 2024/02/09 10:25 p.m.•22 views

CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA

5.9CVSS5.8AI score0.00539EPSS

Exploits0References2

CVE•added 2024/02/09 10:25 p.m.•416 views

CVE-2023-6935

The CVE-2023-6935 entry concerns wolfSSL SP Math All RSA when built with static RSA (WOLFSSL_STATIC_RSA). The Marvin Attack, a timing Bleichenbacher-style attack variant, can decrypt ciphertexts and forge signatures after many observations. However, the default builds since wolfSSL 3.6.6 disable ...

5.9CVSS5.5AI score0.00539EPSS

Exploits0References2Affected Software1

Debian CVE•added 2024/02/09 10:25 p.m.•316 views

CVE-2023-6935

5.9CVSS5.6AI score0.00539EPSS

Exploits0

AlpineLinux•added 2024/02/09 10:25 p.m.•315 views

CVE-2023-6935

5.9CVSS5.6AI score0.00539EPSS

Exploits0

CNNVD•added 2024/02/09 12:0 a.m.•3 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. WolfSSL has a security vulnerability that can be exploited by attackers to decrypt ciphertexts and forge signatures after extensive test observations...

5.9CVSS6.8AI score0.00539EPSS

Exploits0References3

Positive Technologies•added 2024/02/09 12:0 a.m.•2 views

PT-2024-2373 · Wolfssl +1 · Wolfssl +1

Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 3.6.6 Description: The issue is related to the wolfSSL SP Math All RSA implementation being vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher style attack. This vulnerability is specific to...

5.9CVSS7.2AI score0.00539EPSS

Exploits0References17

Veracode•added 2024/01/30 6:46 p.m.•13 views

Key Boundary Confusion

wolfssl is vulnerable to Key Boundary Confusion attack. The vulnerability is due to wolfSSL failing to enforce boundaries between DTLS messages handled by different keys, allowing for the amalgamation of messages meant for different security contexts into a single record...

5.3CVSS6.7AI score0.00513EPSS

Exploits0References4Affected Software1

Veracode•added 2024/01/30 6:46 p.m.•21 views

Marvin Attack

wolfssl is vulnerable to Marvin Attack. The vulnerability is due to the implementation of the RSA cipher within the wolfSSL library, when Enables static RSA cipher suites using the "--enable-all" option and the "-DWOLFSSLSTATICRSA" CFLAGS option.It allows an attacker to decrypt ciphertexts and...

5.9CVSS7AI score0.00539EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2023/11/30 12:0 a.m.•2 views

PT-2023-9405

Name of the Vulnerable Software and Affected Versions WolfSSL affected versions not specified Description The issue is related to the generation of the ECDSA nonce k, where a random number r is selected and then reduced modulo n, the order of the elliptic curve. The division used during the...

4.9CVSS5.9AI score0.00349EPSS

Exploits0References15

Snyk•added 2023/07/21 11:57 a.m.•2 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness. If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value whe...

9.1CVSS9.1AI score0.00541EPSS

Exploits0References2

NVD•added 2023/07/17 10:15 p.m.•16 views

CVE-2023-3724

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

9.1CVSS0.00541EPSS

Exploits0References2

OSV•added 2023/07/17 10:15 p.m.•2 views

DEBIAN-CVE-2023-3724

8.8CVSS8.3AI score0.00541EPSS

Exploits0References1

OSV•added 2023/07/17 10:15 p.m.•12 views

CVE-2023-3724

8.8CVSS7.3AI score

Exploits0References2

UbuntuCve•added 2023/07/17 10:15 p.m.•15 views

CVE-2023-3724