CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7396 – Curve25519 Blinding
https://notcve.org/view.php?id=CVE-2025-7396
18 Jul 2025 — In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to ... • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 • CWE-385: Covert Timing Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7394
https://notcve.org/view.php?id=CVE-2025-7394
18 Jul 2025 — In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in ... • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7395 – Domain Name Validation Bypass with Apple Native Certificate Validation
https://notcve.org/view.php?id=CVE-2025-7395
18 Jul 2025 — A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardless of the hostname. • http://github.com/wolfssl/wolfssl.git • CWE-295: Improper Certificate Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2881 – Fault Injection of EdDSA signature in WolfCrypt
https://notcve.org/view.php?id=CVE-2024-2881
29 Aug 2024 — Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system ... • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable • CWE-252: Unchecked Return Value CWE-1256: Improper Restriction of Software Interfaces to Hardware Features •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1545 – Fault Injection of RSA encryption in WolfCrypt
https://notcve.org/view.php?id=CVE-2024-1545
29 Aug 2024 — Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a vict... • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable • CWE-252: Unchecked Return Value CWE-1256: Improper Restriction of Software Interfaces to Hardware Features •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1543 – AES T-Table sub-cache-line leakage
https://notcve.org/view.php?id=CVE-2024-1543
29 Aug 2024 — The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023 • CWE-208: Observable Timing Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1544 – ECDSA nonce bias caused by truncation
https://notcve.org/view.php?id=CVE-2024-1544
27 Aug 2024 — Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel rev... • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5814 – Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade
https://notcve.org/view.php?id=CVE-2024-5814
27 Aug 2024 — A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later • CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5288 – Safe-error attack on TLS 1.3 Protocol
https://notcve.org/view.php?id=CVE-2024-5288
27 Aug 2024 — An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery. An issue was discovered in wolfSSL before 5.7.0. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5991 – Buffer overread in domain name matching
https://notcve.org/view.php?id=CVE-2024-5991
27 Aug 2024 — In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0. • https://https://github.com/wolfSSL/wolfssl/pull/7604 • CWE-125: Out-of-bounds Read •