5.8

CVE-2014-2900

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
YasslCyassl Version <= 2.9.0
YasslCyassl Version0.2.0
YasslCyassl Version0.3.0
YasslCyassl Version0.4.0
YasslCyassl Version0.5.0
YasslCyassl Version0.5.5
YasslCyassl Version0.6.0
YasslCyassl Version0.6.2
YasslCyassl Version0.6.3
YasslCyassl Version0.8.0
YasslCyassl Version0.9.0
YasslCyassl Version0.9.6
YasslCyassl Version0.9.8
YasslCyassl Version0.9.9
YasslCyassl Version1.0.0 Updaterc1
YasslCyassl Version1.0.0 Updaterc2
YasslCyassl Version1.0.0 Updaterc3
YasslCyassl Version1.0.2
YasslCyassl Version1.0.3
YasslCyassl Version1.0.6
YasslCyassl Version1.1.0
YasslCyassl Version1.2.0
YasslCyassl Version1.3.0
YasslCyassl Version1.4.0
YasslCyassl Version1.5.0
YasslCyassl Version1.5.4
YasslCyassl Version1.5.6
YasslCyassl Version1.6.0
YasslCyassl Version1.6.5
YasslCyassl Version1.8.0
YasslCyassl Version1.9.0
YasslCyassl Version2.0.0 Updaterc1
YasslCyassl Version2.0.0 Updaterc2
YasslCyassl Version2.0.0 Updaterc3
YasslCyassl Version2.0.2
YasslCyassl Version2.0.6
YasslCyassl Version2.0.8
YasslCyassl Version2.2.0
YasslCyassl Version2.3.0
YasslCyassl Version2.4.0
YasslCyassl Version2.4.6
YasslCyassl Version2.5.0
YasslCyassl Version2.6.0
YasslCyassl Version2.7.0
YasslCyassl Version2.8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.97% 0.574
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/oss-sec/2014/q2/126
http://seclists.org/oss-sec/2014/q2/130
http://secunia.com/advisories/57743
Vendor Advisory
http://www.securityfocus.com/bid/66780
http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
Vendor Advisory
http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
https://security.gentoo.org/glsa/201612-53