Wolfssl Latest Vulnerabilities

Fault Injection vulnerability in wolfssl/wolfcrypt/src/ed25519.c allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

CVE-2024-2881

WolfsslWolfcrypt8.8HIGH

Fault Injection Vulnerability Affects WolfSSL on Linux/Windows

CVE-2024-1545

WolfsslWolfcrypt8.8HIGH

Side-Channel Protection Against Cache-Line Resolution Attacks

CVE-2024-1543

WolfsslWolfssl5.5MEDIUM

Side-Channel Attack on ECDSA Nonce k Generation Reveals Significant Bias

CVE-2024-1544

WolfsslWolfssl4.1MEDIUM

Ciphersuite Downgrade Attack via Skipping Fully Parsing Server Hello

CVE-2024-5814

WolfsslWolfssl

Safe-error attack via Rowhammer leads to ECDSA key disclosure

CVE-2024-5288

Wolfssl Inc.Wolfssl5.9MEDIUM

Function MatchDomainName() vulnerable to buffer overflow due to unchecked user input

CVE-2024-5991

WolfsslWolfssl7.5HIGH

Malicious Packet Sender Can Crash or Cause Out of Bounds Read

CVE-2024-0901

WolfsslWolfssl7.5HIGH

Unauthorized Access Vulnerability in WolfSSH Server-Side State Machine Before Versions 1.4.17

CVE-2024-2873

Wolfssl Inc.Wolfssh9.1CRITICAL

Buffer Over-Read Vulnerability in wolfSSL Prior to 5.6.6

CVE-2023-6936

WolfsslWolfssl9.1CRITICAL

wolfSSL did not check that messages in one (D)TLS record do not span key boundaries

CVE-2023-6937

WolfsslWolfssl5.3MEDIUM

Marvin Attack Vulnerability Affects wolfSSL SP Math All RSA Implementation

CVE-2023-6935

wolfSSLwolfSSL5.9MEDIUM

TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

CVE-2023-3724

WolfsslWolfssl9.1CRITICAL

Buffer Over-Read Vulnerability in wolfSSL Product

CVE-2022-42905

WolfsslWolfssl9.1CRITICAL

Fault Injection Vulnerability in wolfSSL Affects ECDSA Key Security

CVE-2022-42961

WolfsslWolfssl5.3MEDIUM

Buffer Overflow Vulnerability in wolfSSL During TLS 1.3 Handshake

CVE-2022-39173

WolfsslWolfssl7.5HIGH

Denial of Service Vulnerability in wolfSSL Client Component

CVE-2021-44718

WolfsslWolfssl5.9MEDIUM

Man-in-the-Middle Vulnerability in wolfSSL Product

CVE-2022-38153

WolfsslWolfssl5.9MEDIUM

Denial of Service Vulnerability in wolfSSL Software

CVE-2022-38152

WolfsslWolfssl7.5HIGH

Denial of Service Vulnerability in wolfSSL by wolfSSL

CVE-2022-34293

WolfsslWolfssl7.5HIGH

Mutual Authentication Vulnerability in wolfSSL TLS 1.3 Implementation

CVE-2022-25640

WolfsslWolfssl👾🟡7.5HIGH

Certificate Validation Vulnerability in wolfSSL TLS 1.3 Client Authentication

CVE-2022-25638

WolfsslWolfssl6.5MEDIUM

Improper IV Initialization in wolfSSL TLS Implementations

CVE-2022-23408

WolfsslWolfssl9.1CRITICAL

Heap-based Buffer Overflow in wolfMQTT by wolfSSL

CVE-2021-45936

WolfsslWolfMQtt5.5MEDIUM

Heap-Based Buffer Overflow in wolfMQTT from wolfSSL

CVE-2021-45933

WolfsslWolfMQtt5.5MEDIUM

Vulnerability Published:

Sort By:

30 August 2024

Fault Injection vulnerability in wolfssl/wolfcrypt/src/ed25519.c allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

29 August 2024

Fault Injection Vulnerability Affects WolfSSL on Linux/Windows

Side-Channel Protection Against Cache-Line Resolution Attacks

27 August 2024

Side-Channel Attack on ECDSA Nonce k Generation Reveals Significant Bias

Ciphersuite Downgrade Attack via Skipping Fully Parsing Server Hello

Safe-error attack via Rowhammer leads to ECDSA key disclosure

Function MatchDomainName() vulnerable to buffer overflow due to unchecked user input

25 March 2024

Malicious Packet Sender Can Crash or Cause Out of Bounds Read

Unauthorized Access Vulnerability in WolfSSH Server-Side State Machine Before Versions 1.4.17

20 February 2024

Buffer Over-Read Vulnerability in wolfSSL Prior to 5.6.6

15 February 2024

wolfSSL did not check that messages in one (D)TLS record do not span key boundaries

9 February 2024

Marvin Attack Vulnerability Affects wolfSSL SP Math All RSA Implementation

17 July 2023

TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

7 November 2022

Buffer Over-Read Vulnerability in wolfSSL Product

15 October 2022

Fault Injection Vulnerability in wolfSSL Affects ECDSA Key Security

29 September 2022

Buffer Overflow Vulnerability in wolfSSL During TLS 1.3 Handshake

2 September 2022

Denial of Service Vulnerability in wolfSSL Client Component

31 August 2022

Man-in-the-Middle Vulnerability in wolfSSL Product

Denial of Service Vulnerability in wolfSSL Software

8 August 2022

Denial of Service Vulnerability in wolfSSL by wolfSSL

24 February 2022

Mutual Authentication Vulnerability in wolfSSL TLS 1.3 Implementation

Certificate Validation Vulnerability in wolfSSL TLS 1.3 Client Authentication

18 January 2022

Improper IV Initialization in wolfSSL TLS Implementations

1 January 2022

Heap-based Buffer Overflow in wolfMQTT by wolfSSL

Heap-Based Buffer Overflow in wolfMQTT from wolfSSL