Wolfssl: >> Wolfssl >> 3.0.2 Security Vulnerabilities
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-12-13
The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-12-13
The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-12-13
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
CVSS Score
5.9
EPSS Score
0.016
Published
2016-01-22
wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
CVSS Score
7.5
EPSS Score
0.009
Published
2016-01-22
Page 5