Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

wolfSSL Inc.

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-7844
Assigner-wolfSSL Inc.
ShareView Details
Assigner-wolfSSL Inc.
CVSS Score-1||LOW
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 21:35
Updated-05 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfTPM library wrapper function `wolfTPM2_RsaKey_TpmToWolf` copies external data to a fixed-size stack buffer without length validation potentially causing stack-based buffer overflow

Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or importing an RSA private or public key larger than 2048 bits and your application calls `wolfTPM2_RsaKey_TpmToWolf` on that key, then a stack buffer could be overrun. If the `MAX_RSA_KEY_BITS` build-time macro is set correctly (RSA bits match what TPM hardware is capable of) for the hardware target, then a stack overrun is not possible.

Action-Not Available
Vendor-wolfSSL Inc.
Product-wolfTPM
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-5288
Assigner-wolfSSL Inc.
ShareView Details
Assigner-wolfSSL Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 8.70%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 18:36
Updated-28 Aug, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Safe-error attack on TLS 1.3 Protocol

An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.

Action-Not Available
Vendor-wolfSSL Inc.
Product-wolfSSL
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-2873
Assigner-wolfSSL Inc.
ShareView Details
Assigner-wolfSSL Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.19% / 41.68%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 21:58
Updated-01 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User authentication bypass in wolfSSH server

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.

Action-Not Available
Vendor-wolfSSL Inc.wolfssh
Product-wolfSSHwolfssh
CWE ID-CWE-287
Improper Authentication