Wolfssl CVE - OpenCVE

Filtered by vendor Wolfssl Subscribe

Total 64 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2024-5991	1 Wolfssl	1 Wolfssl	2024-09-06	N/A	7.5 HIGH
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.
CVE-2024-2881	3 Linux, Microsoft, Wolfssl	3 Linux Kernel, Windows, Wolfssl	2024-09-04	N/A	8.8 HIGH
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
CVE-2024-1545	3 Linux, Microsoft, Wolfssl	3 Linux Kernel, Windows, Wolfssl	2024-09-04	N/A	8.8 HIGH
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
CVE-2024-1543	1 Wolfssl	1 Wolfssl	2024-09-04	N/A	5.5 MEDIUM
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500

Vulnerabilities (CVE)