Browse all 5 CVE security advisories affecting wolfSSL Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wolfSSL provides embedded SSL/TLS libraries for IoT devices and resource-constrained systems. Historically, vulnerabilities have included buffer overflows, use-after-free errors, and improper input validation, which could lead to remote code execution or denial of service. The company maintains a moderate CVE count of five, with no major public security incidents reported. wolfSSL emphasizes FIPS 140-2 validation and supports legacy protocols for compatibility, though this may introduce potential attack surfaces. Regular security updates and a focus on memory safety in their C codebase help mitigate risks, though the complexity of cryptographic implementations remains a challenge for embedded security.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3849 | Buffer Overflow in HPKE via Oversized ECH Config — wolfSSLCWE-787 | 9.8 | - | 2026-03-19 |
| CVE-2026-3503 | Fault injection attack with ML-DSA and ML-KEM on ARM — wolfSSL (wolfCrypt)CWE-335 | 6.1 | - | 2026-03-19 |
| CVE-2025-7844 | wolfTPM library wrapper function `wolfTPM2_RsaKey_TpmToWolf` copies external data to a fixed-size stack buffer without length validation potentially causing stack-based buffer overflow — wolfTPMCWE-121 | 9.1AI | CriticalAI | 2025-08-04 |
| CVE-2024-5288 | Safe-error attack on TLS 1.3 Protocol — wolfSSLCWE-922 | 5.1 | Medium | 2024-08-27 |
| CVE-2024-2873 | User authentication bypass in wolfSSH server — wolfSSHCWE-287 | 9.1 | Critical | 2024-03-25 |
This page lists every published CVE security advisory associated with wolfSSL Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.