Filtered by vendor Wolfssl
Subscriptions
Total
71 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0901 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. | ||||
| CVE-2023-6935 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.9 Medium |
| wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed. | ||||
| CVE-2023-3724 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.1 Critical |
| If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used. | ||||
| CVE-2022-38153 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.9 Medium |
| An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | ||||
| CVE-2022-38152 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | ||||
| CVE-2022-34293 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. | ||||
| CVE-2022-25640 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. | ||||
| CVE-2022-25638 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 6.5 Medium |
| In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message. | ||||
| CVE-2022-23408 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.1 Critical |
| wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c. | ||||
| CVE-2021-45939 | 1 Wolfssl | 1 Wolfmqtt | 2024-11-21 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe). | ||||
| CVE-2021-45938 | 1 Wolfssl | 1 Wolfmqtt | 2024-11-21 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe). | ||||
| CVE-2021-45937 | 1 Wolfssl | 1 Wolfmqtt | 2024-11-21 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect). | ||||
| CVE-2021-45936 | 1 Wolfssl | 1 Wolfmqtt | 2024-11-21 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType). | ||||
| CVE-2021-45934 | 1 Wolfssl | 1 Wolfmqtt | 2024-11-21 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType). | ||||
| CVE-2021-45933 | 1 Wolfssl | 1 Wolfmqtt | 2024-11-21 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket). | ||||
| CVE-2021-45932 | 1 Wolfssl | 1 Wolfmqtt | 2024-11-21 | 5.5 Medium |
| wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket). | ||||
| CVE-2021-44718 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.9 Medium |
| wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. | ||||
| CVE-2021-3336 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 8.1 High |
| DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. | ||||
| CVE-2021-38597 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.9 Medium |
| wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | ||||
| CVE-2021-37155 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.8 Critical |
| wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. | ||||