Information on source package wolfssl

Available versions

ReleaseVersion
bullseye4.6.0-3
bookworm4.6.0-3
sid4.6.0-3

Open issues

BugbullseyebookwormsidDescription
CVE-2021-38597vulnerable (no DSA)vulnerablevulnerablewolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...
CVE-2021-37155vulnerable (no DSA)vulnerablevulnerablewolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...
CVE-2021-24116vulnerable (no DSA)vulnerablevulnerableIn wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...

Resolved issues

BugDescription
TEMP-0000000-2D36D7cyassl: RSA Padding check vulnerability
CVE-2021-3336DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...
CVE-2020-36177RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...
CVE-2020-24613wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...
CVE-2020-24585An issue was discovered in the DTLS handshake implementation in wolfSS ...
CVE-2020-15309An issue was discovered in wolfSSL before 4.5.0, when single precision ...
CVE-2020-12457An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...
CVE-2020-11735The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...
CVE-2020-11713wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...
CVE-2019-19963An issue was discovered in wolfSSL before 4.3.0 in a non-default confi ...
CVE-2019-19962wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, lea ...
CVE-2019-19960In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist sid ...
CVE-2019-18840In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of me ...
CVE-2019-16748In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...
CVE-2019-15651wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...
CVE-2019-14317wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) gen ...
CVE-2019-13628wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --ena ...
CVE-2019-11873wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...
CVE-2019-6439examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through ...
CVE-2018-16870It was found that wolfssl before 3.15.7 is vulnerable to a new variant ...
CVE-2018-12436wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cac ...
CVE-2017-13099wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle ...
CVE-2017-8855wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a mal ...
CVE-2017-8854wolfSSL before 3.10.2 has an out-of-bounds memory access with loading ...
CVE-2017-6076In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes i ...
CVE-2017-2800A specially crafted x509 certificate can cause a single out of bounds ...
CVE-2016-7440The C software implementation of AES Encryption and Decryption in wolf ...
CVE-2016-7439The C software implementation of RSA in wolfSSL (formerly CyaSSL) befo ...
CVE-2016-7438The C software implementation of ECC in wolfSSL (formerly CyaSSL) befo ...
CVE-2015-7744wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...
CVE-2015-6925wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to caus ...
CVE-2014-6500Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...
CVE-2014-6496Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...
CVE-2014-6495Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...
CVE-2014-6494Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...
CVE-2014-6491Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...
CVE-2014-6478Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...
CVE-2014-2904wolfssl before 3.2.0 has a server certificate that is not properly aut ...
CVE-2014-2903CyaSSL does not check the key usage extension in leaf certificates, wh ...
CVE-2014-2902wolfssl before 3.2.0 does not properly authorize CA certificate for si ...
CVE-2014-2901wolfssl before 3.2.0 does not properly issue certificates for a server ...

Search for package or bug name: Reporting problems