Wolfssl

111 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.01%
  • Published 19.03.2026 19:37:23
  • Last modified 23.03.2026 18:56:41

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions ...

  • EPSS 0.01%
  • Published 19.03.2026 18:12:26
  • Last modified 29.04.2026 17:28:53

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults th...

Exploit
  • EPSS 0.03%
  • Published 19.03.2026 17:45:16
  • Last modified 29.04.2026 18:41:38

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized...

  • EPSS 0.03%
  • Published 19.03.2026 17:25:42
  • Last modified 29.04.2026 18:42:47

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, al...

  • EPSS 0.02%
  • Published 19.03.2026 17:10:22
  • Last modified 29.04.2026 18:47:49

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSS...

  • EPSS 0.05%
  • Published 19.03.2026 17:00:10
  • Last modified 29.04.2026 18:48:38

Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. ...

  • EPSS 0.02%
  • Published 19.03.2026 16:54:33
  • Last modified 29.04.2026 18:50:05

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to Enc...

  • EPSS 0.01%
  • Published 11.12.2025 17:09:59
  • Last modified 15.04.2026 00:35:42

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through ...

  • EPSS 0.02%
  • Published 21.11.2025 23:15:44
  • Last modified 04.12.2025 16:09:31

The server previously verified the TLS 1.3 PSK binder using a non-constant-time method, which could potentially leak information about the PSK binder.

  • EPSS 0.02%
  • Published 21.11.2025 23:06:59
  • Last modified 04.12.2025 15:43:04

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.