📦 wolfSSL
by wolfSSL
🔍 What is wolfSSL?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in wolfSSL's OpenSSL compatibility layer causes predictable random number generation after fork() operations, potentially leading to weak cryptographic keys. It affects applications...
This vulnerability in wolfSSL's TLS 1.3 implementation allows an attacker to compromise TLS session encryption when a client connects to a malicious server. Attackers can reconstruct session keys and ...
This vulnerability in wolfSSL allows attackers to decrypt TLS/DTLS traffic when using AES-CBC or DES3 without AEAD protection. It affects systems using wolfSSL 5.x before 5.1.1 for TLS 1.1/1.2 or DTLS...
This vulnerability in wolfSSL allows attackers to bypass OCSP (Online Certificate Status Protocol) validation by providing mismatched serial numbers between requests and responses. This could enable m...
This vulnerability in wolfSSL's RSA-PSS padding implementation allows an out-of-bounds write when processing certain cryptographic operations. Attackers can exploit this to execute arbitrary code or c...
This vulnerability allows attackers to extract private keys from X25519 cryptographic implementations on Xtensa-based ESP32 chips through timing side-channel attacks. The issue stems from compiler opt...
An integer underflow vulnerability in wolfSSL's XChaCha20-Poly1305 decryption function allows attackers to cause out-of-bounds memory access when processing maliciously crafted data. This affects appl...
This TLS 1.3 vulnerability allows malicious servers to bypass perfect forward secrecy (PFS) requirements when using pre-shared keys (PSK). Clients may unknowingly establish connections without PFS, re...
CVE-2024-5991 is an out-of-bounds read vulnerability in wolfSSL's X509 certificate hostname validation. Attackers can cause the library to read beyond allocated memory boundaries when processing non-N...
This vulnerability in wolfSSL allows TLS 1.3 clients to bypass mutual authentication requirements by omitting the certificate_verify message during handshake. It affects servers using wolfSSL for TLS ...
This TLS 1.2 vulnerability allows clients to use weaker cryptographic digests during certificate authentication than what the server requested, potentially enabling downgrade attacks. It affects syste...
A vulnerability in wolfSSL's TLS 1.3 CKS extension parsing allows remote attackers to cause denial-of-service by sending crafted ClientHello messages with duplicate CKS extensions. This affects wolfSS...
A denial-of-service vulnerability in wolfSSL v5.8.2 allows remote attackers to crash TLS 1.3 connections by sending malicious ClientHello messages with duplicate KeyShareEntry values. This affects any...
CVE-2025-7396 is a side-channel vulnerability in wolfSSL 5.8.2 where Curve25519 blinding is enabled by default only for C implementations, leaving ARM/Intel assembly builds and small Curve25519 featur...
This CVE describes a fault injection vulnerability in the RsaPrivateDecryption function of WolfSSL, allowing a co-resident attacker on the same system to potentially disclose sensitive information or ...
This TLS protocol vulnerability allows a malicious TLS 1.2 server to force a TLS 1.3 client with downgrade capability to use an unintended ciphersuite, potentially enabling downgrade attacks. It affec...