Wolfssl

Wolfssl

89 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2022-42961

  • EPSS 0.24%
  • Veröffentlicht 15.10.2022 04:15:17
  • Zuletzt bearbeitet 14.05.2025 15:15:53

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC sig...

7.5

CVE-2022-39173

Exploit
  • EPSS 1.37%
  • Veröffentlicht 29.09.2022 01:15:11
  • Zuletzt bearbeitet 20.05.2025 20:15:23

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Bot...

5.9

CVE-2021-44718

  • EPSS 0.21%
  • Veröffentlicht 02.09.2022 12:15:09
  • Zuletzt bearbeitet 21.11.2024 06:31:27

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages tha...

5.9

CVE-2022-38153

Exploit
  • EPSS 0.57%
  • Veröffentlicht 31.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:15:54

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects...

7.5

CVE-2022-38152

Exploit
  • EPSS 2.71%
  • Veröffentlicht 31.08.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:15:54

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS ...

7.5

CVE-2022-34293

  • EPSS 0.96%
  • Veröffentlicht 08.08.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 07:09:14

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.

7.5

CVE-2022-25640

  • EPSS 5.1%
  • Veröffentlicht 24.02.2022 15:15:32
  • Zuletzt bearbeitet 21.11.2024 06:52:29

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

6.5

CVE-2022-25638

  • EPSS 0.15%
  • Veröffentlicht 24.02.2022 15:15:32
  • Zuletzt bearbeitet 21.11.2024 06:52:29

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

9.1

CVE-2022-23408

  • EPSS 0.28%
  • Veröffentlicht 18.01.2022 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:48:31

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in ...

5.9

CVE-2021-38597

  • EPSS 0.18%
  • Veröffentlicht 12.08.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:37

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.