wolfSSL — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting wolfSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wolfSSL: wolfSSL, wolfSSH, wolfCrypt, wolfSSL-py
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2646 | Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function | wolfssl | CWE-122 | 8.1 | - | 2026-03-19 |
| CVE-2026-2645 | Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 | wolfSSL | CWE-358 | 7.5 | - | 2026-03-19 |
| CVE-2026-1005 | Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path | wolfSSL | CWE-191 | 7.5 | - | 2026-03-19 |
| CVE-2026-0819 | Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes | wolfSSL | CWE-121 | 9.8 | - | 2026-03-19 |
| CVE-2025-15346 | wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement | wolfSSL-py | CWE-306 | 9.1 | - | 2026-01-07 |
| CVE-2025-15382 | Client SCP Request Triggers Buffer Overread by 1 Byte | wolfSSH | CWE-125 | 8.1 | - | 2026-01-06 |
| CVE-2025-14942 | Authentication Bypass | wolfSSH | CWE-287 | 9.8 | - | 2026-01-06 |
| CVE-2025-13912 | Potential non-constant time compiled code with Clang LLVM | wolfSSL | CWE-203 | 2.9 (AI) | Low (AI) | 2025-12-11 |
| CVE-2025-12889 | TLS 1.2 Client Can Downgrade Digest Used | wolfSSL | CWE-20 | 7.5 | - | 2025-11-21 |
| CVE-2025-11932 | Timing Side-Channel in PSK Binder Verification | wolfSSL | CWE-203 | 5.9 | - | 2025-11-21 |
| CVE-2025-11931 | Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt | wolfSSL | CWE-191 | 9.8 | - | 2025-11-21 |
| CVE-2025-12888 | Constant Time Issue with Xtensa-based ESP32 and X22519 | wolfSSL | CWE-203 | 5.9 | - | 2025-11-21 |
| CVE-2025-11936 | Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello | wolfSSL | CWE-20 | 7.5 | - | 2025-11-21 |
| CVE-2025-11934 | Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify | wolfSSL | CWE-20 | 5.3 | - | 2025-11-21 |
| CVE-2025-11935 | Forward Secrecy Violation in WolfSSL TLS 1.3 | wolfSSL | CWE-326 | 8.1 | - | 2025-11-21 |
| CVE-2025-11625 | Host verification bypass and credential leak | wolfSSH | CWE-287 | 9.8 (AI) | Critical (AI) | 2025-10-21 |
| CVE-2025-7396 | Curve25519 Blinding | wolfSSL | | 6.8 | - | 2025-07-18 |
| CVE-2025-7394 | OpenSSL security vulnerability | wolfSSL | CWE-200 | 5.3 | - | 2025-07-18 |
| CVE-2025-7395 | Domain Name Validation Bypass with Apple Native Certificate Validation | wolfSSL | CWE-295 | 7.5 | - | 2025-07-18 |
| CVE-2024-2881 | Fault Injection of EdDSA signature in WolfCrypt | wolfCrypt | CWE-1256 | 6.7 | Medium | 2024-08-29 |
| CVE-2024-1545 | Fault Injection of RSA encryption in WolfCrypt | wolfCrypt | CWE-1256 | 5.9 | Medium | 2024-08-29 |
| CVE-2024-1543 | AES T-Table sub-cache-line leakage | wolfSSL | CWE-208 | 4.1 | Medium | 2024-08-29 |
| CVE-2024-1544 | ECDSA nonce bias caused by truncation | wolfSSL | CWE-203 | 4.1 | Medium | 2024-08-27 |
| CVE-2024-5814 | Unverified Ciphersuite used on a client-side TLS1.3 Downgrade | wolfSSL | | 7.5 (AI) | High (AI) | 2024-08-27 |
| CVE-2024-5991 | Buffer overread in domain name matching | wolfSSL | CWE-125 | 9.1 (AI) | Critical (AI) | 2024-08-27 |
| CVE-2024-0901 | SEGV and out of bounds memory read from malicious packet | wolfSSL | CWE-129 | 7.5 | High | 2024-03-25 |
| CVE-2023-6936 | Heap-buffer over-read with WOLFSSL_CALLBACKS | wolfSSL | | 5.3 | Medium | 2024-02-20 |
| CVE-2023-6937 | Improper (D)TLS key boundary enforcement | wolfSSL | CWE-20 | 5.3 | Medium | 2024-02-15 |
| CVE-2023-6935 | Marvin Attack vulnerability in SP Math All RSA | wolfSSL | CWE-203 | 5.9 | Medium | 2024-02-09 |
| CVE-2023-3724 | TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension | wolfSSL | CWE-20 | 9.1 | Critical | 2023-07-17 |

This page lists every published CVE security advisory associated with wolfSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.