Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Wolfssl Subscribe
Total 67 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6076 1 Wolfssl 1 Wolfssl 2019-03-13 2.1 LOW 5.5 MEDIUM
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
CVE-2018-12436 1 Wolfssl 1 Wolfssl 2018-08-06 1.9 LOW 4.7 MEDIUM
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVE-2014-2903 1 Wolfssl 1 Wolfssl 2017-10-17 4.3 MEDIUM 5.9 MEDIUM
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
CVE-2017-8854 1 Wolfssl 1 Wolfssl 2017-05-17 6.8 MEDIUM 7.8 HIGH
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
CVE-2016-7438 1 Wolfssl 1 Wolfssl 2016-12-24 2.1 LOW 5.5 MEDIUM
The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2016-7439 1 Wolfssl 1 Wolfssl 2016-12-24 2.1 LOW 5.5 MEDIUM
The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2015-6925 1 Wolfssl 1 Wolfssl 2016-01-25 5.0 MEDIUM 7.5 HIGH
wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.