This page lists known vulnerabilities for the wolfSSL embedded SSL/TLS library, the wolfCrypt embedded crypto engine, and other wolfSSL products. Each entry links to its description and CVE, where available. Please contact us with any questions or concerns.

Known Vulnerabilities

The SSL protocol and the more recent TLS 1.2 protocol are both well documented and under constant scrutiny by the top experts in security and cryptography. SSL was quickly adopted as a standard worldwide. Together, SSL and TLS secure communications between billions of computers, servers, Internet of Things (IoT) devices, and embedded systems. The security provided by an SSL/TLS library depends on the strength of the underlying cryptography used to encrypt communications.

CVE | Description | Fixed in
CVE-2017-13099 | Versions of wolfSSL up to 3.12.2 have a weak Bleichenbacher vulnerability with cipher suites that use an RSA-encrypted premaster secret. Discovered by Hanno Böck, Juraj Somorovsky and Craig Young. | PR #1229
CVE-2017-2800 | Versions of wolfSSL before 3.11.0 have a possible off-by-one out-of-bounds write when a crafted certificate is passed to the function wolfSSL_X509_NAME_get_text_by_NID. Discovered by Aleksandar Nikolic of Cisco Talos. | 3.11.0
CVE-2017-8855 | In versions of wolfSSL before 3.11.0 there are cases where a malformed DH key is not rejected by the function wc_DhAgree. Thanks to Yueh-Hsun Lin and Peng Li of KNOX Security at Samsung Research America. | 3.11.0
CVE-2017-8854 | Versions of wolfSSL before 3.10.2 have a possible out-of-bounds memory access when loading crafted DH parameters. Thanks to Yueh-Hsun Lin and Peng Li of KNOX Security at Samsung Research America. | 3.10.2
CVE-2017-6076 | In versions of wolfSSL before 3.10.2, the software RSA implementation makes it easier for a malicious user who can observe the cache on the machine to extract RSA key information. | 3.10.2
CVE-2016-7440 | Software AES table lookups do not properly consider cache-bank access times. | 3.9.10
CVE-2016-7439 | Software RSA does not properly consider cache-bank monitoring. | 3.9.10
CVE-2016-7438 | Software ECC does not properly consider cache-bank monitoring. | 3.9.10
CVE-2015-6925 | Potential DoS attack when using DTLS on the server side. | 3.6.8
CVE-2015-7744 | TLS servers using RSA with ephemeral keys may leak key bits on signature faults. | 3.6.8
CVE-2014-2900 | Unknown critical certificate extension allowed. | 2.9.4
CVE-2014-2899 | NULL pointer dereference on peer certificate request after certificate parsing failure. | 2.9.4
CVE-2014-2898 | Out-of-bounds read (memory access error) on repeated calls to CyaSSL_read(). | 2.9.4
CVE-2014-2897 | Out-of-bounds read: SSL 3.0 HMAC does not check padding length for verify failure. | 2.9.4
CVE-2014-2896 | Memory corruption; possible out-of-bounds read on the length check in DoAlert(). | 2.9.4

Known Attacks

As researchers and security professionals release new attacks against SSL/TLS protocol versions, algorithms, or cryptographic modes, we want to keep our users informed about whether wolfSSL is vulnerable to such attacks.

Date | Attack | Affects wolfSSL? | Fixed?
12.08.2017 | The ROBOT Attack | YES | YES
08.24.2016 | SWEET32 Attack | YES | YES
03.01.2016 | DROWN Attack | NO | N/A
01.07.2016 | SLOTH Attack | NO | N/A
08.11.2015 | Pandora's Box Attack | NO | N/A
07.09.2015 | Logjam Attack | NO | N/A
03.30.2015 | Bar Mitzvah Attack | YES | YES
03.04.2015 | FREAK Attack | YES | N/A
12.12.2014 | POODLE Bites Again | NO | N/A
10.14.2014 | POODLE: Padding Oracle On Downgraded Legacy Encryption | YES | YES
04.09.2014 | Heartbleed Bug | NO | N/A
02.05.2014 | Lucky 13 Attack | YES | YES
09.24.2012 | CRIME Attack | YES | YES
05.13.2011 | BEAST Attack | YES | YES

Contact Us

Email: info@wolfssl.com
Phone: +1 (425) 245-8247