Vulnerabilities affecting this package (0)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| This package is not known to be affected by vulnerabilities. | | |
Vulnerabilities fixed by this package (5)

| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-3774-6bd4-8qcs | wolfSSL through 5.0.0 allows an attacker to cause a denial of service (an infinite loop) in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that are normally only sent to TLS servers. | CVE-2021-44718 |
| VCID-av4q-73pk-tucd | Improper Authentication: In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the `certificate_verify` message from the handshake and never present a certificate. | CVE-2022-25640 |
| VCID-h2vp-p7fd-7bev | Improper Handling of Exceptional Conditions: wolfSSL does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. | CVE-2021-37155 |
| VCID-mtcu-yhz9-c7b8 | Improper Certificate Validation: In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the `sig_algo` field differs between the `certificate_verify` message and the certificate message. | CVE-2022-25638 |
| VCID-yyy6-k4y2-s3ep | Insufficient Verification of Data Authenticity: wolfSSL incorrectly skips OCSP verification in certain situations where irrelevant response data contains the NoCheck extension. | CVE-2021-38597 |
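Three of the entries above (CVE-2022-25640, CVE-2022-25638 and CVE-2021-44718) come down to the same class of defect: a TLS 1.3 endpoint accepting a handshake flight its role and state should have rejected. The Python model below is an added illustration, not wolfSSL's code or a description of how wolfSSL implements these checks. It shows the three checks a server (or client) needs: a non-empty client Certificate must be followed by a CertificateVerify, a required client certificate cannot be satisfied by an empty list or by omission, the CertificateVerify signature scheme must agree with the certificate's key type, and an endpoint must reject message types its role never legitimately receives. The message layout, the scheme-to-key-type mapping and the sample flights are all constructed for illustration; real traffic carries DER certificates and signatures that are not modelled here.

```python
"""Illustrative TLS 1.3 handshake acceptance checks (added example, not wolfSSL code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class HandshakeType(Enum):
    # Values are the HandshakeType codes from RFC 8446 section 4.
    CLIENT_HELLO = 1
    SERVER_HELLO = 2
    ENCRYPTED_EXTENSIONS = 8
    CERTIFICATE = 11
    CERTIFICATE_REQUEST = 13
    CERTIFICATE_VERIFY = 15
    FINISHED = 20


# Simplified allowlist of handshake messages each role may receive. A server never
# receives ServerHello, EncryptedExtensions or CertificateRequest; a client never
# receives ClientHello (the CVE-2021-44718 class of confusion).
ACCEPTED_BY_ROLE = {
    "server": {HandshakeType.CLIENT_HELLO, HandshakeType.CERTIFICATE,
               HandshakeType.CERTIFICATE_VERIFY, HandshakeType.FINISHED},
    "client": {HandshakeType.SERVER_HELLO, HandshakeType.ENCRYPTED_EXTENSIONS,
               HandshakeType.CERTIFICATE_REQUEST, HandshakeType.CERTIFICATE,
               HandshakeType.CERTIFICATE_VERIFY, HandshakeType.FINISHED},
}

# SignatureScheme (RFC 8446 section 4.2.3) -> key type the certificate must carry.
SIG_SCHEME_KEY_TYPE = {
    "rsa_pss_rsae_sha256": "rsa", "rsa_pss_rsae_sha384": "rsa",
    "ecdsa_secp256r1_sha256": "ecdsa_p256", "ecdsa_secp384r1_sha384": "ecdsa_p384",
    "ed25519": "ed25519",
}


class HandshakeError(Exception):
    """Raised where a real stack would send an alert and abort the handshake."""


@dataclass
class Message:
    mtype: HandshakeType
    cert_key_type: Optional[str] = None  # CERTIFICATE: leaf key type, None = empty list
    sig_scheme: Optional[str] = None     # CERTIFICATE_VERIFY: SignatureScheme named


def check_role_accepts(role: str, mtype: HandshakeType) -> None:
    """Reject message types that a peer in this role never legitimately receives."""
    if mtype not in ACCEPTED_BY_ROLE[role]:
        raise HandshakeError(f"{role} received {mtype.name}, which is not valid for its role")


def server_verify_client_flight(flight: List[Message], require_client_auth: bool) -> str:
    """Validate the client's authentication flight; return 'authenticated' or 'anonymous'."""
    cert_key: Optional[str] = None
    saw_cert = saw_verify = saw_finished = False
    prev: Optional[HandshakeType] = None
    for msg in flight:
        check_role_accepts("server", msg.mtype)
        if saw_finished:
            raise HandshakeError("handshake message after Finished")
        if msg.mtype is HandshakeType.CERTIFICATE:
            if saw_cert:
                raise HandshakeError("duplicate Certificate")
            saw_cert, cert_key = True, msg.cert_key_type
        elif msg.mtype is HandshakeType.CERTIFICATE_VERIFY:
            # Must immediately follow a non-empty Certificate (RFC 8446 section 4.4.3).
            if prev is not HandshakeType.CERTIFICATE or cert_key is None:
                raise HandshakeError("CertificateVerify without a preceding non-empty Certificate")
            if SIG_SCHEME_KEY_TYPE.get(msg.sig_scheme) != cert_key:
                raise HandshakeError(f"scheme {msg.sig_scheme} does not match certificate key {cert_key}")
            saw_verify = True
        elif msg.mtype is HandshakeType.FINISHED:
            saw_finished = True
        else:
            raise HandshakeError(f"unexpected {msg.mtype.name} in authentication flight")
        prev = msg.mtype
    if not saw_finished:
        raise HandshakeError("flight ended without Finished")
    # A presented certificate is worthless without proof of possession, whether
    # or not client authentication was mandatory.
    if cert_key is not None and not saw_verify:
        raise HandshakeError("certificate presented without CertificateVerify")
    if require_client_auth and cert_key is None:
        raise HandshakeError("client authentication required but no certificate presented")
    return "authenticated" if cert_key is not None else "anonymous"


def outcome(flight: List[Message], require_client_auth: bool = True) -> str:
    """Result string, or 'rejected: <reason>' instead of an exception."""
    try:
        return server_verify_client_flight(flight, require_client_auth)
    except HandshakeError as exc:
        return f"rejected: {exc}"


HT = HandshakeType
# Constructed sample flights (not captured traffic).
SAMPLE_FLIGHTS: Dict[str, List[Message]] = {
    "good": [Message(HT.CERTIFICATE, cert_key_type="rsa"),
             Message(HT.CERTIFICATE_VERIFY, sig_scheme="rsa_pss_rsae_sha256"), Message(HT.FINISHED)],
    "no_verify": [Message(HT.CERTIFICATE, cert_key_type="rsa"), Message(HT.FINISHED)],
    "empty_cert": [Message(HT.CERTIFICATE), Message(HT.FINISHED)],
    "mismatch": [Message(HT.CERTIFICATE, cert_key_type="rsa"),
                 Message(HT.CERTIFICATE_VERIFY, sig_scheme="ecdsa_secp256r1_sha256"), Message(HT.FINISHED)],
}

if __name__ == "__main__":
    for name, flight in SAMPLE_FLIGHTS.items():
        print(f"{name:10s} -> {outcome(flight)}")
```

The `no_verify` and `empty_cert` flights are the two shapes CVE-2022-25640 describes, and `mismatch` is the CVE-2022-25638 shape; each must end in a rejection even though `Finished` arrives and the transcript otherwise looks complete. Only with `require_client_auth=False` does an empty Certificate legitimately yield an anonymous session.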