Known Vulnerabilities for products from Wolfssl
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Wolfssl".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23408 | wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-C... | 9.1 - CRITICAL | 2022-01-18 | 2022-01-27 |
| CVE-2021-38597 | wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the ... | 5.9 - MEDIUM | 2021-08-12 | 2021-08-23 |
| CVE-2021-37155 | wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs... | 9.8 - CRITICAL | 2021-07-21 | 2021-07-29 |
| CVE-2021-24116 | In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attack... | 4.9 - MEDIUM | 2021-07-14 | 2021-07-22 |
| CVE-2021-3336 | DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (se... | 8.1 - HIGH | 2021-01-29 | 2021-03-04 |
| CVE-2020-36177 | RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key si... | 9.8 - CRITICAL | 2021-01-06 | 2021-01-12 |
| CVE-2020-24613 | wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.... | 6.8 - MEDIUM | 2020-08-24 | 2020-09-01 |
| CVE-2020-24585 | An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in... | 5.3 - MEDIUM | 2020-08-21 | 2020-08-26 |
| CVE-2020-15309 | An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-t... | 7 - HIGH | 2020-08-21 | 2022-11-16 |
| CVE-2020-12457 | An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS ... | 7.5 - HIGH | 2020-08-21 | 2021-07-21 |
| CVE-2020-11735 | The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine... | 5.3 - MEDIUM | 2020-06-25 | 2021-07-21 |
| CVE-2020-11713 | wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 7.5 - HIGH | 2020-04-12 | 2022-01-01 |
| CVE-2019-19963 | An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEE... | 5.3 - MEDIUM | 2019-12-25 | 2020-01-02 |
| CVE-2019-19962 | wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 7.5 - HIGH | 2019-12-25 | 2021-07-21 |
| CVE-2019-19960 | In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | 5.3 - MEDIUM | 2019-12-25 | 2020-01-02 |
| CVE-2019-18840 | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while h... | 7.5 - HIGH | 2019-11-09 | 2019-11-12 |
| CVE-2019-16748 | In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshak... | 9.8 - CRITICAL | 2019-09-24 | 2019-09-24 |
| CVE-2019-15651 | wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the A... | 9.8 - CRITICAL | 2019-08-26 | 2019-09-03 |
| CVE-2019-14317 | wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker ... | 5.3 - MEDIUM | 2019-12-11 | 2021-07-21 |
| CVE-2019-13628 | wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a ... | 4.7 - MEDIUM | 2019-10-03 | 2019-10-10 |