Page 8 of 54 results (0.022 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. En wolfSSL versiones hasta 4.1.0, se presenta una falta de comprobación de saneamiento de los accesos a la memoria en el análisis de los datos del certificado ASN.1 durante el protocolo de negociación (handshaking). Específicamente, se presenta una lectura excesiva de búfer en la región heap de la memoria de un byte en la función CheckCertSignature_ex en el archivo wolfcrypt/src/asn.c. • https://github.com/wolfSSL/wolfssl/issues/2459 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 0

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. • http://www.securityfocus.com/bid/108466 https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842 https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdf • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. examples/benchmark/tls_bench.c en una herramienta de benchmarking en wolfSSL hasta la versión 3.15.7 tiene un desbordamiento de búfer basado en memoria dinámica (heap). • http://www.securityfocus.com/bid/106640 https://github.com/wolfSSL/wolfssl/issues/2032 • CWE-787: Out-of-bounds Write •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. Se ha detectado que wolfssl, en versiones anteriores a la 3.15.7, es vulnerable a una nueva variante del ataque Bleichenbacher para realizar ataques de degradación contra TLS. Esto podría provocar el filtrado de datos sensibles. • http://cat.eyalro.net https://github.com/wolfSSL/wolfssl/pull/1950 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. wolfcrypt/src/ecc.c en wolfSSL en versiones anteriores a la 3.15.1.patch permite un ataque de canal lateral por caché de memoria en las firmas ECDSA. Esto también se conoce como Return Of the Hidden Number Problem (ROHNP). Para descubrir una clave ECDSA, el atacante necesita acceso a la máquina local o a una máquina virtual diferente en el mismo host físico. • https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem https://www.wolfssl.com/wolfssh-and-rohnp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •