Wolfssl

Wolfssl

143 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.49%
  • Veröffentlicht 19.03.2026 20:09:27
  • Zuletzt bearbeitet 26.03.2026 18:21:41

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and t...

  • EPSS 0.13%
  • Veröffentlicht 19.03.2026 19:46:58
  • Zuletzt bearbeitet 23.03.2026 18:57:07

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, po...

  • EPSS 0.27%
  • Veröffentlicht 19.03.2026 19:37:23
  • Zuletzt bearbeitet 23.03.2026 18:56:41

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions ...

  • EPSS 0.15%
  • Veröffentlicht 19.03.2026 18:12:26
  • Zuletzt bearbeitet 29.04.2026 17:28:53

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults th...

Exploit
  • EPSS 0.47%
  • Veröffentlicht 19.03.2026 17:45:16
  • Zuletzt bearbeitet 29.04.2026 18:41:38

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized...

  • EPSS 0.12%
  • Veröffentlicht 19.03.2026 17:25:42
  • Zuletzt bearbeitet 29.04.2026 18:42:47

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, al...

  • EPSS 0.13%
  • Veröffentlicht 19.03.2026 17:10:22
  • Zuletzt bearbeitet 29.04.2026 18:47:49

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSS...

  • EPSS 0.25%
  • Veröffentlicht 19.03.2026 17:00:10
  • Zuletzt bearbeitet 29.04.2026 18:48:38

Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. ...

  • EPSS 0.1%
  • Veröffentlicht 19.03.2026 16:54:33
  • Zuletzt bearbeitet 29.04.2026 18:50:05

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to Enc...

  • EPSS 0.12%
  • Veröffentlicht 11.12.2025 17:09:59
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through ...