Browse all 5 CVE security advisories affecting wolfSSL Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wolfSSL provides embedded SSL/TLS libraries for IoT devices and resource-constrained systems. Historically, vulnerabilities have included buffer overflows, use-after-free errors, and improper input validation, which could lead to remote code execution or denial of service. The company maintains a moderate CVE count of five, with no major public security incidents reported. wolfSSL emphasizes FIPS 140-2 validation and supports legacy protocols for compatibility, though this may introduce potential attack surfaces. Regular security updates and a focus on memory safety in their C codebase help mitigate risks, though the complexity of cryptographic implementations remains a challenge for embedded security.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-2873 | User authentication bypass in wolfSSH server — wolfSSH (CWE-287) | 9.1 | Critical | 2024-03-25 |
This page lists every published CVE security advisory associated with wolfSSL Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.