1527 matches found
CVE-2014-2900
CVE-2014-2900 affects wolfSSL’s CyaSSL prior to 2.9.4. The vulnerability stems from improper validation of X.509 certificates with unknown critical extensions, enabling MITM attackers to spoof servers via crafted certificates. Affected software: CyaSSL/wolfSSL before 2.9.4. Impact: potential serv...
CVE-2014-2900
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate...
CVE-2013-1623
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...
Design/Logic Flaw
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...
CVE-2013-1623
Technical details about CVE-2013-1623 are not provided in the connected documents. Monitoring for updates is advised; no product, impact, or remediation specifics are disclosed here.
CVE-2013-1623
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...
CVE-2013-1623
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...