Browse all 5 CVE security advisories affecting wolfSSL Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wolfSSL provides embedded SSL/TLS libraries for IoT devices and resource-constrained systems. Historically, vulnerabilities have included buffer overflows, use-after-free errors, and improper input validation, which could lead to remote code execution or denial of service. The company maintains a moderate CVE count of five, with no major public security incidents reported. wolfSSL emphasizes FIPS 140-2 validation and supports legacy protocols for compatibility, though this may introduce potential attack surfaces. Regular security updates and a focus on memory safety in their C codebase help mitigate risks, though the complexity of cryptographic implementations remains a challenge for embedded security.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-7844 | wolfTPM library wrapper function `wolfTPM2_RsaKey_TpmToWolf` copies external data to a fixed-size stack buffer without length validation, potentially causing stack-based buffer overflow — wolfTPM (CWE-121) | 9.1 (AI) | Critical (AI) | 2025-08-04 |
This page lists every published CVE security advisory associated with wolfSSL Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.