Skip to main content

Cyassl

4 CVEs product

Monthly

CVE-2014-2899 MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cyassl
NVD VulDB
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-2900 MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-1623 MEDIUM This Month

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-1558 MEDIUM This Month

yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cyassl
NVD
CVSS 2.0
5.0
EPSS
0.4%
EPSS 1% CVSS 5.0
MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cyassl
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cyassl
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy