PT-2024-6325 · Wolfssl +1 · Wolfssl +1

Name of the Vulnerable Software and Affected Versions: wolfSSL versions through 5.7.0 Description: The issue is related to the function MatchDomainName in the wolfSSL library, where the input parameter str is treated as a NULL terminated string despite being user-provided and unchecked. This can...

PT-2022-12209 · Wolfssl +1 · Wolfssl +1

Name of the Vulnerable Software and Affected Versions: wolfSSL versions through 5.0.0 Description: The issue allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle MITM position. The root cause is that the...

DEBIAN-CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

DEBIAN-CVE-2019-18840

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location...