Information on source package wolfssl

Available versions

ReleaseVersion
bullseye4.6.0+p1-0+deb11u2
bookworm5.5.4-2+deb12u2
trixie5.7.2-0.1+deb13u1
sid5.9.2-1

Open issues

BugbullseyebookwormtrixiesidDescription
CVE-2026-55967vulnerablevulnerablevulnerable (no DSA)fixedAES-GCM encryption/decryption with extremely large cumulative single m ...
CVE-2026-55964vulnerablevulnerablevulnerable (no DSA)fixedChain intermediate CA:TRUE without keyCertSign accepted as a signing C ...
CVE-2026-55962vulnerablevulnerablevulnerable (no DSA)fixedTLS 1.3 post-handshake authentication (PHA) issue where a server could ...
CVE-2026-55961vulnerablevulnerablevulnerable (no DSA)fixedwolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) ...
CVE-2026-55960vulnerablevulnerablevulnerable (no DSA)fixedUn-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 ...
CVE-2026-55958vulnerablevulnerablevulnerable (no DSA)fixedOut-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In ...
CVE-2026-8720vulnerablevulnerablevulnerable (no DSA)fixedwc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when t ...
CVE-2026-7532vulnerablevulnerablevulnerable (no DSA)fixediPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defi ...
CVE-2026-7531vulnerablevulnerablevulnerable (no DSA)fixedUse-after-free in PQC hybrid key-share handling. This is an incomplete ...
CVE-2026-7511vulnerablevulnerablevulnerable (no DSA)fixedPKCS7_verify signer confusion allows forged signatures, where the sign ...
CVE-2026-6731vulnerablevulnerablevulnerable (no DSA)fixedX.509 name constraint bypass via the Subject Common Name when treated ...
CVE-2026-6681vulnerablevulnerablevulnerable (no DSA)fixedThe PKCS#7 decode path ignores the caller-supplied output buffer size ...
CVE-2026-6679vulnerablevulnerablevulnerable (no DSA)fixedA heap buffer overflow could occur in the DTLS 1.3 ACK serialization p ...
CVE-2026-6678vulnerablevulnerablevulnerable (no DSA)fixedInteger underflow in wc_PKCS7_DecryptOri when handling crafted Other R ...
CVE-2026-6450vulnerablevulnerablevulnerable (no DSA)fixedA CRL critical extension bypass exists in ParseCRL_Extensions where cr ...
CVE-2026-6412vulnerablevulnerablevulnerable (no DSA)fixedCertificate policy and RFC 8446 compliance concerns regarding the cont ...
CVE-2026-6331vulnerablevulnerablevulnerable (no DSA)fixedHMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-le ...
CVE-2026-6330vulnerablevulnerablevulnerable (no DSA)fixedThe ML-KEM ARM64 NEON ciphertext comparison only compares half of the ...
CVE-2026-6329vulnerablevulnerablevulnerable (no DSA)fixedPKCS#12 MAC verification uses an attacker-controlled comparison length ...
CVE-2026-6325vulnerablevulnerablevulnerable (no DSA)fixedOut-of-bounds write in SetSuitesHashSigAlgo when processing an oversiz ...
CVE-2026-6291vulnerablevulnerablevulnerable (no DSA)fixedBleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypti ...
CVE-2026-6094vulnerablevulnerablevulnerable (no DSA)fixedHeap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing craf ...
CVE-2026-6092vulnerablevulnerablevulnerable (no DSA)fixedWhen HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fal ...
CVE-2026-6091vulnerablevulnerablevulnerable (no DSA)fixedPartial-chain certificate verification may accept chains that terminat ...
CVE-2026-5778vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedInteger underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacke ...
CVE-2026-5772vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedA 1-byte stack buffer over-read was identified in the MatchDomainName ...
CVE-2026-5507vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedWhen restoring a session from cache, a pointer from the serialized ses ...
CVE-2026-5504vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedA padding oracle exists in wolfSSL's PKCS7 CBC decryption that could a ...
CVE-2026-5503vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedIn TLSX_EchChangeSNI, the ctx->extensions branch set extensions uncond ...
CVE-2026-5501vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedwolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a ...
CVE-2026-5500vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedwolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitiz ...
CVE-2026-5479vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedIn wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in ...
CVE-2026-5477vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedAn integer overflow existed in the wolfCrypt CMAC implementation, that ...
CVE-2026-5466vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedwolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r ...
CVE-2026-5460vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedA heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptog ...
CVE-2026-5448vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedX.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_not ...
CVE-2026-5447vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedHeap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size c ...
CVE-2026-5446vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedIn wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse ...
CVE-2026-5393vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedDual-Algorithm CertificateVerify out-of-bounds read. When processing a ...
CVE-2026-5392vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedHeap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can ...
CVE-2026-5295vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedA stack buffer overflow exists in wolfSSL's PKCS7 implementation in th ...
CVE-2026-5264vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedHeap buffer overflow in DTLS 1.3 ACK message processing. A remote atta ...
CVE-2026-5263vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedURI nameConstraints from constrained intermediate CAs are parsed but n ...
CVE-2026-5194vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedMissing hash/digest size and OID checks allow digests smaller than all ...
CVE-2026-5188vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedAn integer underflow issue exists in wolfSSL when parsing the Subject ...
CVE-2026-5187vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedTwo potential heap out-of-bounds write locations existed in DecodeObje ...
CVE-2026-4395vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedHeap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import ...
CVE-2026-4159vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixed1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length e ...
CVE-2026-3849vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedStack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Confi ...
CVE-2026-3580vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedIn wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_ ...
CVE-2026-3579vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedwolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time soft ...
CVE-2026-3549vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedHeap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ...
CVE-2026-3548vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedTwo buffer overflow vulnerabilities existed in the wolfSSL CRL parser ...
CVE-2026-3547vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedOut-of-bounds read in ALPN parsing due to incomplete validation. wolfS ...
CVE-2026-3503vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedProtection mechanism failure in wolfCrypt post-quantum implementations ...
CVE-2026-3230vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedMissing required cryptographic step in the TLS 1.3 client HelloRetryRe ...
CVE-2026-3229vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedAn integer overflow vulnerability existed in the static function wolfs ...
CVE-2026-2646vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedA heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_S ...
CVE-2026-2645vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedIn wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 serv ...
CVE-2026-1005vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedInteger underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacke ...
CVE-2026-0819vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedA stack buffer overflow vulnerability exists in wolfSSL's PKCS7 Signed ...
CVE-2025-13912vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedMultiple constant-time implementations in wolfSSL before version 5.8.4 ...
CVE-2025-12889vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedWith TLS 1.2 connections a client can use any digest, specifically a w ...
CVE-2025-12888vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedVulnerability in X25519 constant-time cryptographic implementations du ...
CVE-2025-11936vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedImproper input validation in the TLS 1.3 KeyShareEntry parsing in wolf ...
CVE-2025-11935vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedWith TLS 1.3 pre-shared key (PSK) a malicious or faulty server could i ...
CVE-2025-11934vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedImproper input validation in the TLS 1.3 CertificateVerify signature a ...
CVE-2025-11933vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedImproper Input Validation in the TLS 1.3 CKS extension parsing in wolf ...
CVE-2025-11932vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedThe server previously verified the TLS 1.3 PSK binder using a non-cons ...
CVE-2025-11931vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedInteger Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 ...
CVE-2025-7394vulnerable (no DSA, postponed)fixedfixedfixedIn the OpenSSL compatibility layer implementation, the function RAND_p ...
CVE-2024-5991vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedIn function MatchDomainName(), input param str is treated as a NULL te ...
CVE-2024-5814vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedA malicious TLS1.2 server can force a TLS1.3 client with downgrade cap ...
CVE-2024-5288vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedAn issue was discovered in wolfSSL before 5.7.0. A safe-error attack v ...
CVE-2024-2881vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedFault Injection vulnerability inwc_ed25519_sign_msg function in wolfss ...
CVE-2024-1545vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedFault Injection vulnerability in RsaPrivateDecryption function in wolf ...
CVE-2024-1544vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedGenerating the ECDSA nonce k samples a random number r and then trunc ...
CVE-2024-1543vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedThe side-channel protected T-Table implementation in wolfSSL up to ver ...
CVE-2024-0901vulnerable (no DSA)vulnerable (no DSA)fixedfixedRemotely executed SEGV and out of bounds read allows malicious packet ...
CVE-2023-6937vulnerable (no DSA)vulnerable (no DSA)fixedfixedwolfSSL prior to 5.6.6 did not check that messages in one (D)TLS recor ...
CVE-2023-6936vulnerable (no DSA)vulnerable (no DSA)fixedfixedIn wolfSSL prior to 5.6.6, if callback functions are enabled (via the ...
CVE-2022-38152vulnerable (no DSA)fixedfixedfixedAn issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client ...
CVE-2022-34293vulnerable (no DSA)fixedfixedfixedwolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...

Open unimportant issues

BugbullseyebookwormtrixiesidDescription
CVE-2023-6935vulnerablevulnerablefixedfixedwolfSSL SP Math All RSA implementation is vulnerable to the Marvin Att ...

Resolved issues

BugDescription
TEMP-0000000-2D36D7cyassl: RSA Padding check vulnerability
CVE-2025-7396In wolfSSL release 5.8.2 blinding support is turned on by default for ...
CVE-2025-7395A certificate verification error in wolfSSL when building with the WOL ...
CVE-2023-3724If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor ...
CVE-2022-42961An issue was discovered in wolfSSL before 5.5.0. A fault injection att ...
CVE-2022-42905In wolfSSL before 5.5.2, if callback functions are enabled (via the WO ...
CVE-2022-39173In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...
CVE-2022-38153An issue was discovered in wolfSSL before 5.5.0 (when --enable-session ...
CVE-2022-25640In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a re ...
CVE-2022-25638In wolfSSL before 5.2.0, certificate validation may be bypassed during ...
CVE-2022-23408wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...
CVE-2021-44718wolfSSL through 5.0.0 allows an attacker to cause a denial of service ...
CVE-2021-38597wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...
CVE-2021-37155wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...
CVE-2021-24116In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...
CVE-2021-3336DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...
CVE-2020-36177RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...
CVE-2020-24613wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...
CVE-2020-24585An issue was discovered in the DTLS handshake implementation in wolfSS ...
CVE-2020-15309An issue was discovered in wolfSSL before 4.5.0, when single precision ...
CVE-2020-12457An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...
CVE-2020-11735The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...
CVE-2020-11713wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...
CVE-2019-19963An issue was discovered in wolfSSL before 4.3.0 in a non-default confi ...
CVE-2019-19962wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, lea ...
CVE-2019-19960In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist sid ...
CVE-2019-18840In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of me ...
CVE-2019-16748In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...
CVE-2019-15651wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...
CVE-2019-14317wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) gen ...
CVE-2019-13628wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --ena ...
CVE-2019-11873wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...
CVE-2019-6439examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through ...
CVE-2018-16870It was found that wolfssl before 3.15.7 is vulnerable to a new variant ...
CVE-2018-12436wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cac ...
CVE-2017-13099wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle ...
CVE-2017-8855wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a mal ...
CVE-2017-8854wolfSSL before 3.10.2 has an out-of-bounds memory access with loading ...
CVE-2017-6076In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes i ...
CVE-2017-2800A specially crafted x509 certificate can cause a single out of bounds ...
CVE-2016-7440The C software implementation of AES Encryption and Decryption in wolf ...
CVE-2016-7439The C software implementation of RSA in wolfSSL (formerly CyaSSL) befo ...
CVE-2016-7438The C software implementation of ECC in wolfSSL (formerly CyaSSL) befo ...
CVE-2015-7744wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...
CVE-2015-6925wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to caus ...
CVE-2014-6500Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...
CVE-2014-6496Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...
CVE-2014-6495Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...
CVE-2014-6494Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...
CVE-2014-6491Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...
CVE-2014-6478Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...
CVE-2014-2904wolfssl before 3.2.0 has a server certificate that is not properly aut ...
CVE-2014-2903CyaSSL does not check the key usage extension in leaf certificates, wh ...
CVE-2014-2902wolfssl before 3.2.0 does not properly authorize CA certificate for si ...
CVE-2014-2901wolfssl before 3.2.0 does not properly issue certificates for a server ...

Search for package or bug name: Reporting problems