CVSS: 5.8EPSS: 0%CPEs: 45EXPL: 0CVE-2014-2900
https://notcve.org/view.php?id=CVE-2014-2900
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. wolfSSL CyaSSL anterior a 2.9.4 no valida debidamente certificados X.509 con extensiones críticas desconocidas, lo que permite a atacantes man-in-the-middle falsificar servidores a través de certificado X.509 manipulado. • http://seclists.org/oss-sec/2014/q2/126 http://seclists.org/oss-sec/2014/q2/130 http://secunia.com/advisories/57743 http://www.securityfocus.com/bid/66780 http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html https://security.gentoo.org/glsa/201612-53 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 5%CPEs: 45EXPL: 0CVE-2014-2899
https://notcve.org/view.php?id=CVE-2014-2899
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. wolfSSL CyaSSL anterior a 2.9.4 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de (1) una solicitud para el certificado de par cuando sucede un fallo de análisis sintáctico de certificado o (2) un mensaje client_key_exchange cuando la clave efímera no se encuentra. • http://seclists.org/oss-sec/2014/q2/126 http://seclists.org/oss-sec/2014/q2/130 http://secunia.com/advisories/57743 http://www.securityfocus.com/bid/66780 http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html https://security.gentoo.org/glsa/201612-53 • CWE-20: Improper Input Validation •