Filtered by vendor Wolfssl
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19963 | 1 Wolfssl | 1 Wolfssl | 2024-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. | |||||
| CVE-2014-2897 | 1 Wolfssl | 1 Wolfssl | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. | |||||
| CVE-2014-2898 | 1 Wolfssl | 1 Wolfssl | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. | |||||
| CVE-2019-18840 | 1 Wolfssl | 1 Wolfssl | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. | |||||