
CVE-2014-2899 – Gentoo Linux Security Advisory 201612-53
https://notcve.org/view.php?id=CVE-2014-2899
22 Apr 2014 — wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. • http://seclists.org/oss-sec/2014/q2/126 • CWE-20: Improper Input Validation

CVE-2014-2900 – Gentoo Linux Security Advisory 201612-53
https://notcve.org/view.php?id=CVE-2014-2900
22 Apr 2014 — wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via a crafted X.509 certificate. Multiple vulnerabilities have been found in CyaSSL, the worst of which may allow attackers to ... • http://seclists.org/oss-sec/2014/q2/126 • CWE-310: Cryptographic Issues

CVE-2013-1623 – Gentoo Linux Security Advisory 201308-06-02
https://notcve.org/view.php?id=CVE-2013-1623
08 Feb 2013 — The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. • http://openwall.com/lists/oss-security/2013/02/05/24 • CWE-310: Cryptographic Issues

CVE-2012-1558
https://notcve.org/view.php?id=CVE-2012-1558
12 Mar 2012 — yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. • http://secunia.com/advisories/48634 • CWE-399: Resource Management Errors