CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7396 – Curve25519 Blinding
https://notcve.org/view.php?id=CVE-2025-7396
18 Jul 2025 — In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to ... • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 • CWE-385: Covert Timing Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7394
https://notcve.org/view.php?id=CVE-2025-7394
18 Jul 2025 — In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in ... • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7395 – Domain Name Validation Bypass with Apple Native Certificate Validation
https://notcve.org/view.php?id=CVE-2025-7395
18 Jul 2025 — A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardless of the hostname. • http://github.com/wolfssl/wolfssl.git • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1543 – AES T-Table sub-cache-line leakage
https://notcve.org/view.php?id=CVE-2024-1543
29 Aug 2024 — The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023 • CWE-208: Observable Timing Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1544 – ECDSA nonce bias caused by truncation
https://notcve.org/view.php?id=CVE-2024-1544
27 Aug 2024 — Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel rev... • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5814 – Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade
https://notcve.org/view.php?id=CVE-2024-5814
27 Aug 2024 — A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later • CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5288 – Safe-error attack on TLS 1.3 Protocol
https://notcve.org/view.php?id=CVE-2024-5288
27 Aug 2024 — An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery. An issue was discovered in wolfSSL before 5.7.0. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5991 – Buffer overread in domain name matching
https://notcve.org/view.php?id=CVE-2024-5991
27 Aug 2024 — In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0. • https://https://github.com/wolfSSL/wolfssl/pull/7604 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0901 – SEGV and out of bounds memory read from malicious packet
https://notcve.org/view.php?id=CVE-2024-0901
25 Mar 2024 — Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. SEGV ejecutado de forma remota y lectura fuera de los límites permite que el remitente de paquetes maliciosos falle o provoque una lectura fuera de los límites mediante el envío de un paquete con formato incorrecto y con la longitud correcta. • https://github.com/wolfSSL/wolfssl/issues/7089 • CWE-129: Improper Validation of Array Index •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6936 – Heap-buffer over-read with WOLFSSL_CALLBACKS
https://notcve.org/view.php?id=CVE-2023-6936
20 Feb 2024 — In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging). En wolfSSL anterior a 5.6.6, si las funciones de devolución de llamada están habilitadas (a través del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS malicioso o un atacante de red puede desencadenar una sobrelectura del búfer en el montón de 5 bytes (WOLF... • https://github.com/wolfSSL/wolfssl/pull/6949 • CWE-126: Buffer Over-read •