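wolfSSL Vendor Vulnerability List / CVE Analysis in Chinese (62)

62 CVE vulnerabilities related to the vendor wolfSSL, with AI-generated Chinese analysis, POC, CVSS scores and affected products.

wolfSSL is a lightweight embedded TLS library, widely used in IoT and resource-constrained devices to provide encrypted communication. Its historical vulnerabilities are concentrated in memory-safety and protocol-parsing defects; the common types include buffer overflows, null pointer dereferences and denial of service, and they rarely involve logic-level privilege bypass or remote code execution. As an open-source project its code is highly transparent, but it is updated frequently to fix CVE issues. As of the latest count 62 CVEs have been recorded, which reflects that its complex cryptographic implementations still need continued strengthening of security auditing and bounds-checking mechanisms.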

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2646 | Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function | wolfssl | CWE-122 | 8.1 | - | 2026-03-19 |
| CVE-2026-2645 | Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 | wolfSSL | CWE-358 | 7.5 | - | 2026-03-19 |
| CVE-2026-1005 | Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path | wolfSSL | CWE-191 | 7.5 | - | 2026-03-19 |
| CVE-2026-0819 | Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes | wolfSSL | CWE-121 | 9.8 | - | 2026-03-19 |
| CVE-2025-15346 | wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement | wolfSSL-py | CWE-306 | 9.1 | - | 2026-01-07 |
| CVE-2025-15382 | Client SCP Request Triggers Buffer Overread by 1 Byte | wolfSSH | CWE-125 | 8.1 | - | 2026-01-06 |
| CVE-2025-14942 | Authentication Bypass | wolfSSH | CWE-287 | 9.8 | - | 2026-01-06 |
| CVE-2025-13912 | Potential non-constant time compiled code with Clang LLVM | wolfSSL | CWE-203 | 2.9 (AI) | Low (AI) | 2025-12-11 |
| CVE-2025-12889 | TLS 1.2 Client Can Downgrade Digest Used | wolfSSL | CWE-20 | 7.5 | - | 2025-11-21 |
| CVE-2025-11932 | Timing Side-Channel in PSK Binder Verification | wolfSSL | CWE-203 | 5.9 | - | 2025-11-21 |
| CVE-2025-11931 | Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt | wolfSSL | CWE-191 | 9.8 | - | 2025-11-21 |
| CVE-2025-12888 | Constant Time Issue with Xtensa-based ESP32 and X22519 | wolfSSL | CWE-203 | 5.9 | - | 2025-11-21 |
| CVE-2025-11936 | Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello | wolfSSL | CWE-20 | 7.5 | - | 2025-11-21 |
| CVE-2025-11934 | Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify | wolfSSL | CWE-20 | 5.3 | - | 2025-11-21 |
| CVE-2025-11935 | Forward Secrecy Violation in WolfSSL TLS 1.3 | wolfSSL | CWE-326 | 8.1 | - | 2025-11-21 |
| CVE-2025-11625 | Host verification bypass and credential leak | wolfSSH | CWE-287 | 9.8 (AI) | Critical (AI) | 2025-10-21 |
| CVE-2025-7396 | Curve25519 Blinding | wolfSSL | | 6.8 | - | 2025-07-18 |
| CVE-2025-7394 | OpenSSL security vulnerability | wolfSSL | CWE-200 | 5.3 | - | 2025-07-18 |
| CVE-2025-7395 | Domain Name Validation Bypass with Apple Native Certificate Validation | wolfSSL | CWE-295 | 7.5 | - | 2025-07-18 |
| CVE-2024-2881 | Fault Injection of EdDSA signature in WolfCrypt | wolfCrypt | CWE-1256 | 6.7 | Medium | 2024-08-29 |
| CVE-2024-1545 | Fault Injection of RSA encryption in WolfCrypt | wolfCrypt | CWE-1256 | 5.9 | Medium | 2024-08-29 |
| CVE-2024-1543 | AES T-Table sub-cache-line leakage | wolfSSL | CWE-208 | 4.1 | Medium | 2024-08-29 |
| CVE-2024-1544 | ECDSA nonce bias caused by truncation | wolfSSL | CWE-203 | 4.1 | Medium | 2024-08-27 |
| CVE-2024-5814 | Unverified Ciphersuite used on a client-side TLS1.3 Downgrade | wolfSSL | | 7.5 (AI) | High (AI) | 2024-08-27 |
| CVE-2024-5991 | Buffer overread in domain name matching | wolfSSL | CWE-125 | 9.1 (AI) | Critical (AI) | 2024-08-27 |
| CVE-2024-0901 | SEGV and out of bounds memory read from malicious packet | wolfSSL | CWE-129 | 7.5 | High | 2024-03-25 |
| CVE-2023-6936 | Heap-buffer over-read with WOLFSSL_CALLBACKS | wolfSSL | | 5.3 | Medium | 2024-02-20 |
| CVE-2023-6937 | Improper (D)TLS key boundary enforcement | wolfSSL | CWE-20 | 5.3 | Medium | 2024-02-15 |
| CVE-2023-6935 | Marvin Attack vulnerability in SP Math All RSA | wolfSSL | CWE-203 | 5.9 | Medium | 2024-02-09 |
| CVE-2023-3724 | TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension | wolfSSL | CWE-20 | 9.1 | Critical | 2023-07-17 |

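This page collects all 62 CVE vulnerabilities published to date for the vendor wolfSSL. Each entry includes the CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis for quick risk assessment.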