
CVE-2014-2899 – Gentoo Linux Security Advisory 201612-53
https://notcve.org/view.php?id=CVE-2014-2899
22 Apr 2014 — wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. • http://seclists.org/oss-sec/2014/q2/126 • CWE-20: Improper Input Validation

CVE-2014-2900 – Gentoo Linux Security Advisory 201612-53
https://notcve.org/view.php?id=CVE-2014-2900
22 Apr 2014 — wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. Multiple vulnerabilities have been found in CyaSSL, the worst of which may allow attackers to ... • http://seclists.org/oss-sec/2014/q2/126 • CWE-310: Cryptographic Issues