CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15651
https://notcve.org/view.php?id=CVE-2019-15651
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. wolfSSL versión 4.1.0, presenta una lectura excesiva de búfer en la región heap de la memoria por un byte en la función DecodeCertExtensions en el archivo wolfcrypt/src/asn.c porque la lectura del byte ASN_BOOLEAN no es manejada correctamente por un certificado DER especialmente diseñado en GetLength_ex. • https://github.com/wolfSSL/wolfssl/issues/2421 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2019-11873
https://notcve.org/view.php?id=CVE-2019-11873
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. • http://www.securityfocus.com/bid/108466 https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842 https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdf • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6439
https://notcve.org/view.php?id=CVE-2019-6439
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. examples/benchmark/tls_bench.c en una herramienta de benchmarking en wolfSSL hasta la versión 3.15.7 tiene un desbordamiento de búfer basado en memoria dinámica (heap). • http://www.securityfocus.com/bid/106640 https://github.com/wolfSSL/wolfssl/issues/2032 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16870
https://notcve.org/view.php?id=CVE-2018-16870
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. Se ha detectado que wolfssl, en versiones anteriores a la 3.15.7, es vulnerable a una nueva variante del ataque Bleichenbacher para realizar ataques de degradación contra TLS. Esto podría provocar el filtrado de datos sensibles. • http://cat.eyalro.net https://github.com/wolfSSL/wolfssl/pull/1950 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12436
https://notcve.org/view.php?id=CVE-2018-12436
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. wolfcrypt/src/ecc.c en wolfSSL en versiones anteriores a la 3.15.1.patch permite un ataque de canal lateral por caché de memoria en las firmas ECDSA. Esto también se conoce como Return Of the Hidden Number Problem (ROHNP). Para descubrir una clave ECDSA, el atacante necesita acceso a la máquina local o a una máquina virtual diferente en el mismo host físico. • https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem https://www.wolfssl.com/wolfssh-and-rohnp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •