Search
Total
18 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38597 | 1 Wolfssl | 1 Wolfssl | 2021-08-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | |||||
| CVE-2021-24116 | 1 Wolfssl | 1 Wolfssl | 2021-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | |||||
| CVE-2019-14317 | 1 Wolfssl | 1 Wolfssl | 2021-07-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces. | |||||
| CVE-2020-11735 | 1 Wolfssl | 1 Wolfssl | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | |||||
| CVE-2020-24613 | 1 Wolfssl | 1 Wolfssl | 2020-09-01 | 4.9 MEDIUM | 6.8 MEDIUM |
| wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. | |||||
| CVE-2020-24585 | 1 Wolfssl | 1 Wolfssl | 2020-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. | |||||
| CVE-2019-19963 | 1 Wolfssl | 1 Wolfssl | 2020-01-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. | |||||
| CVE-2019-19960 | 1 Wolfssl | 1 Wolfssl | 2020-01-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | |||||
| CVE-2016-7440 | 3 Mariadb, Oracle, Wolfssl | 3 Mariadb, Mysql, Wolfssl | 2019-12-17 | 2.1 LOW | 5.5 MEDIUM |
| The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. | |||||
| CVE-2019-13628 | 1 Wolfssl | 1 Wolfssl | 2019-10-10 | 1.2 LOW | 4.7 MEDIUM |
| wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. | |||||
| CVE-2018-16870 | 1 Wolfssl | 1 Wolfssl | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. | |||||
| CVE-2017-13099 | 3 Arubanetworks, Siemens, Wolfssl | 4 Instant, Scalance W1750d, Scalance W1750d Firmware and 1 more | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." | |||||
| CVE-2017-6076 | 1 Wolfssl | 1 Wolfssl | 2019-03-13 | 2.1 LOW | 5.5 MEDIUM |
| In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | |||||
| CVE-2015-7744 | 2 Opensuse, Wolfssl | 3 Leap, Opensuse, Wolfssl | 2018-10-30 | 2.6 LOW | 5.9 MEDIUM |
| wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. | |||||
| CVE-2018-12436 | 1 Wolfssl | 1 Wolfssl | 2018-08-06 | 1.9 LOW | 4.7 MEDIUM |
| wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||
| CVE-2014-2903 | 1 Wolfssl | 1 Wolfssl | 2017-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | |||||
| CVE-2016-7439 | 1 Wolfssl | 1 Wolfssl | 2016-12-24 | 2.1 LOW | 5.5 MEDIUM |
| The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||||
| CVE-2016-7438 | 1 Wolfssl | 1 Wolfssl | 2016-12-24 | 2.1 LOW | 5.5 MEDIUM |
| The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||||