Filtered by vendor Wolfssl
Subscribe
Total
58 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38153 | 1 Wolfssl | 1 Wolfssl | 2023-03-01 | N/A | 5.9 MEDIUM |
An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | |||||
CVE-2022-38152 | 1 Wolfssl | 1 Wolfssl | 2023-03-01 | N/A | 7.5 HIGH |
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | |||||
CVE-2022-42905 | 1 Wolfssl | 1 Wolfssl | 2023-02-15 | N/A | 9.1 CRITICAL |
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) | |||||
CVE-2022-39173 | 1 Wolfssl | 1 Wolfssl | 2023-02-15 | N/A | 7.5 HIGH |
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. | |||||
CVE-2009-4484 | 5 Canonical, Debian, Mariadb and 2 more | 5 Ubuntu Linux, Debian Linux, Mariadb and 2 more | 2023-02-14 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. | |||||
CVE-2017-2800 | 1 Wolfssl | 1 Wolfssl | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library. | |||||
CVE-2020-15309 | 1 Wolfssl | 1 Wolfssl | 2022-11-16 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). | |||||
CVE-2016-7440 | 4 Debian, Mariadb, Oracle and 1 more | 4 Debian Linux, Mariadb, Mysql and 1 more | 2022-10-27 | 2.1 LOW | 5.5 MEDIUM |
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. | |||||
CVE-2022-42961 | 1 Wolfssl | 1 Wolfssl | 2022-10-20 | N/A | 5.3 MEDIUM |
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) | |||||
CVE-2021-44718 | 1 Wolfssl | 1 Wolfssl | 2022-09-08 | N/A | 5.9 MEDIUM |
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. | |||||
CVE-2015-7744 | 3 Mariadb, Opensuse, Wolfssl | 4 Mariadb, Leap, Opensuse and 1 more | 2022-08-29 | 2.6 LOW | 5.9 MEDIUM |
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. | |||||
CVE-2022-34293 | 1 Wolfssl | 1 Wolfssl | 2022-08-12 | N/A | 7.5 HIGH |
wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. | |||||
CVE-2019-11873 | 1 Wolfssl | 1 Wolfssl | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack. | |||||
CVE-2022-25640 | 1 Wolfssl | 1 Wolfssl | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. | |||||
CVE-2022-25638 | 1 Wolfssl | 1 Wolfssl | 2022-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message. | |||||
CVE-2022-23408 | 1 Wolfssl | 1 Wolfssl | 2022-01-27 | 6.4 MEDIUM | 9.1 CRITICAL |
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c. | |||||
CVE-2021-45939 | 1 Wolfssl | 1 Wolfmqtt | 2022-01-11 | 4.3 MEDIUM | 5.5 MEDIUM |
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe). | |||||
CVE-2021-45938 | 1 Wolfssl | 1 Wolfmqtt | 2022-01-11 | 4.3 MEDIUM | 5.5 MEDIUM |
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe). | |||||
CVE-2021-45937 | 1 Wolfssl | 1 Wolfmqtt | 2022-01-11 | 4.3 MEDIUM | 5.5 MEDIUM |
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect). | |||||
CVE-2021-45936 | 1 Wolfssl | 1 Wolfmqtt | 2022-01-11 | 4.3 MEDIUM | 5.5 MEDIUM |
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType). |