wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite…

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size …

A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL…

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chin…

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handsha…

RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certai…

wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple cal…

The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding le…

The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4…

wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (re…

examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based b…

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL se…

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing …

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing…

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), th…

wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, ak…

wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. …

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however…

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher at…

An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) mes…

wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial num…

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual auth…

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular …

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connecti…

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a ch…

In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 c…

wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows syste…

wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/s…

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attacke…

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is ena…

In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection i…

An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTL…

wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authen…

wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityChe…

wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.

DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certa…

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause …

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication…