Attacker Value
Unknown

CVE-2022-25640

Disclosure Date: February 24, 2022 (last updated February 23, 2025)
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
Attacker Value
Unknown

CVE-2022-25638

Disclosure Date: February 24, 2022 (last updated February 23, 2025)
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
Attacker Value
Unknown

CVE-2022-23408

Disclosure Date: January 18, 2022 (last updated February 23, 2025)
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
Attacker Value
Unknown

CVE-2021-45939

Disclosure Date: January 01, 2022 (last updated February 23, 2025)
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).
Attacker Value
Unknown

CVE-2021-45938

Disclosure Date: January 01, 2022 (last updated February 23, 2025)
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).
Attacker Value
Unknown

CVE-2021-45937

Disclosure Date: January 01, 2022 (last updated February 23, 2025)
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).
Attacker Value
Unknown

CVE-2021-45936

Disclosure Date: January 01, 2022 (last updated February 23, 2025)
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).
Attacker Value
Unknown

CVE-2021-45934

Disclosure Date: January 01, 2022 (last updated February 23, 2025)
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).
Attacker Value
Unknown

CVE-2021-45933

Disclosure Date: January 01, 2022 (last updated February 23, 2025)
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).
Attacker Value
Unknown

CVE-2021-45932

Disclosure Date: January 01, 2022 (last updated February 23, 2025)
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).