CVE-2016-7440
- EPSS 0.14%
- Veröffentlicht 13.12.2016 16:59:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
CVE-2016-7439
- EPSS 0.13%
- Veröffentlicht 13.12.2016 16:59:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2016-7438
- EPSS 0.13%
- Veröffentlicht 13.12.2016 16:59:07
- Zuletzt bearbeitet 12.04.2025 10:46:40
The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2015-7744
- EPSS 2.66%
- Veröffentlicht 22.01.2016 15:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote att...
CVE-2015-6925
- EPSS 0.9%
- Veröffentlicht 22.01.2016 15:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.