Wolfssl

Wolfssl

143 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.22%
  • Veröffentlicht 09.04.2026 21:16:13
  • Zuletzt bearbeitet 29.04.2026 17:21:51

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.

  • EPSS 0.26%
  • Veröffentlicht 09.04.2026 21:16:12
  • Zuletzt bearbeitet 29.04.2026 17:25:21

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no inte...

  • EPSS 0.28%
  • Veröffentlicht 09.04.2026 20:16:28
  • Zuletzt bearbeitet 16.04.2026 20:39:33

Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write ...

Medienbericht
  • EPSS 0.47%
  • Veröffentlicht 09.04.2026 20:16:28
  • Zuletzt bearbeitet 16.04.2026 20:37:11

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced sec...

  • EPSS 0.1%
  • Veröffentlicht 19.03.2026 21:17:46
  • Zuletzt bearbeitet 29.04.2026 17:27:15

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS E...

  • EPSS 0.06%
  • Veröffentlicht 19.03.2026 21:17:12
  • Zuletzt bearbeitet 26.03.2026 20:57:44

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these ...

  • EPSS 0.21%
  • Veröffentlicht 19.03.2026 21:17:12
  • Zuletzt bearbeitet 26.03.2026 18:33:37

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message...

  • EPSS 0.34%
  • Veröffentlicht 19.03.2026 20:41:55
  • Zuletzt bearbeitet 26.03.2026 18:16:37

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The...

  • EPSS 0.44%
  • Veröffentlicht 19.03.2026 20:29:30
  • Zuletzt bearbeitet 26.03.2026 18:20:36

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, lea...

  • EPSS 0.26%
  • Veröffentlicht 19.03.2026 20:20:42
  • Zuletzt bearbeitet 26.03.2026 18:27:31

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of...