Wolfssl

Wolfssl

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-6937

  • EPSS 0.58%
  • Veröffentlicht 15.02.2024 18:15:44
  • Zuletzt bearbeitet 21.02.2025 15:03:59

wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3...

5.9

CVE-2023-6935

  • EPSS 0.26%
  • Veröffentlicht 09.02.2024 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:44:52

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STA...

8.8

CVE-2023-3724

  • EPSS 0.08%
  • Veröffentlicht 17.07.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:17:55

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session mast...

9.1

CVE-2022-42905

  • EPSS 4.07%
  • Veröffentlicht 07.11.2022 00:15:09
  • Zuletzt bearbeitet 02.05.2025 19:15:54

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging....

5.3

CVE-2022-42961

  • EPSS 0.24%
  • Veröffentlicht 15.10.2022 04:15:17
  • Zuletzt bearbeitet 14.05.2025 15:15:53

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC sig...

7.5

CVE-2022-39173

Exploit
  • EPSS 0.95%
  • Veröffentlicht 29.09.2022 01:15:11
  • Zuletzt bearbeitet 20.05.2025 20:15:23

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Bot...

5.9

CVE-2021-44718

  • EPSS 0.55%
  • Veröffentlicht 02.09.2022 12:15:09
  • Zuletzt bearbeitet 21.11.2024 06:31:27

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages tha...

5.9

CVE-2022-38153

Exploit
  • EPSS 3.77%
  • Veröffentlicht 31.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:15:54

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects...

7.5

CVE-2022-38152

Exploit
  • EPSS 5.79%
  • Veröffentlicht 31.08.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:15:54

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS ...

7.5

CVE-2022-34293

  • EPSS 0.96%
  • Veröffentlicht 08.08.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 07:09:14

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.