Security Flaw in WolfSSL Prior to Version 3.2.0 Affecting Server Authentication
CVE-2014-2904

7.5HIGH

Key Information:

Vendor

Wolfssl

Status
Wolfssl
Vendor
CVE Published:
21 November 2019

What is CVE-2014-2904?

WolfSSL versions prior to 3.2.0 contain a vulnerability where the server certificate is not adequately authorized for server authentication. This flaw can lead to potential man-in-the-middle attacks, as unauthorized entities may exploit the improper validation of certificates to pose as legitimate servers. It is crucial for users of affected WolfSSL versions to update to the latest version to mitigate risks associated with this vulnerability.

References

http://www.openwall.com/lists/oss-security/2014/04/18/2
x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2014-2904
x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792646
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.