Wolfssl: >> Wolfssl >> 3.6.0 Security Vulnerabilities
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
CVSS Score
5.9
EPSS Score
0.016
Published
2016-01-22
wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
CVSS Score
7.5
EPSS Score
0.009
Published
2016-01-22
Page 5