wolfssl — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting wolfssl. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wolfSSL is an embedded SSL/TLS library primarily designed for resource-constrained environments, including IoT devices, automotive systems, and embedded Linux. Its compact footprint makes it a standard choice for secure communications in hardware with limited memory and processing power. Historically, the codebase has been associated with numerous Common Vulnerabilities and Exposures, totaling 62 recorded instances. These flaws predominantly involve memory corruption issues, such as buffer overflows and use-after-free errors, which can lead to remote code execution or denial of service. While cross-site scripting is less relevant to its backend nature, improper input validation remains a recurring theme. Notable incidents often stem from complex cryptographic implementations or parsing errors in certificate handling. The project maintains an active security response process, addressing these vulnerabilities through regular updates, though the high volume of past CVEs highlights the challenges of maintaining rigorous security standards in a widely deployed, low-level cryptographic component.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2646 | Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function — wolfssl | CWE-122 | 8.1 | - | 2026-03-19 |
| CVE-2026-2645 | Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 — wolfSSL | CWE-358 | 7.5 | - | 2026-03-19 |
| CVE-2026-1005 | Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path — wolfSSL | CWE-191 | 7.5 | - | 2026-03-19 |
| CVE-2026-0819 | Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes — wolfSSL | CWE-121 | 9.8 | - | 2026-03-19 |
| CVE-2025-15346 | wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement — wolfSSL-py | CWE-306 | 9.1 | - | 2026-01-07 |
| CVE-2025-15382 | Client SCP Request Triggers Buffer Overread by 1 Byte — wolfSSH | CWE-125 | 8.1 | - | 2026-01-06 |
| CVE-2025-14942 | Authentication Bypass — wolfSSH | CWE-287 | 9.8 | - | 2026-01-06 |
| CVE-2025-13912 | Potential non-constant time compiled code with Clang LLVM — wolfSSL | CWE-203 | 2.9 (AI) | Low (AI) | 2025-12-11 |
| CVE-2025-12889 | TLS 1.2 Client Can Downgrade Digest Used — wolfSSL | CWE-20 | 7.5 | - | 2025-11-21 |
| CVE-2025-11932 | Timing Side-Channel in PSK Binder Verification — wolfSSL | CWE-203 | 5.9 | - | 2025-11-21 |
| CVE-2025-11931 | Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt — wolfSSL | CWE-191 | 9.8 | - | 2025-11-21 |
| CVE-2025-12888 | Constant Time Issue with Xtensa-based ESP32 and X22519 — wolfSSL | CWE-203 | 5.9 | - | 2025-11-21 |
| CVE-2025-11936 | Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello — wolfSSL | CWE-20 | 7.5 | - | 2025-11-21 |
| CVE-2025-11934 | Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify — wolfSSL | CWE-20 | 5.3 | - | 2025-11-21 |
| CVE-2025-11935 | Forward Secrecy Violation in WolfSSL TLS 1.3 — wolfSSL | CWE-326 | 8.1 | - | 2025-11-21 |
| CVE-2025-11625 | Host verification bypass and credential leak — wolfSSH | CWE-287 | 9.8 (AI) | Critical (AI) | 2025-10-21 |
| CVE-2025-7396 | Curve25519 Blinding — wolfSSL | - | 6.8 | - | 2025-07-18 |
| CVE-2025-7394 | OpenSSL security vulnerability — wolfSSL | CWE-200 | 5.3 | - | 2025-07-18 |
| CVE-2025-7395 | Domain Name Validation Bypass with Apple Native Certificate Validation — wolfSSL | CWE-295 | 7.5 | - | 2025-07-18 |
| CVE-2024-2881 | Fault Injection of EdDSA signature in WolfCrypt — wolfCrypt | CWE-1256 | 6.7 | Medium | 2024-08-29 |
| CVE-2024-1545 | Fault Injection of RSA encryption in WolfCrypt — wolfCrypt | CWE-1256 | 5.9 | Medium | 2024-08-29 |
| CVE-2024-1543 | AES T-Table sub-cache-line leakage — wolfSSL | CWE-208 | 4.1 | Medium | 2024-08-29 |
| CVE-2024-1544 | ECDSA nonce bias caused by truncation — wolfSSL | CWE-203 | 4.1 | Medium | 2024-08-27 |
| CVE-2024-5814 | Unverified Ciphersuite used on a client-side TLS1.3 Downgrade — wolfSSL | - | 7.5 (AI) | High (AI) | 2024-08-27 |
| CVE-2024-5991 | Buffer overread in domain name matching — wolfSSL | CWE-125 | 9.1 (AI) | Critical (AI) | 2024-08-27 |
| CVE-2024-0901 | SEGV and out of bounds memory read from malicious packet — wolfSSL | CWE-129 | 7.5 | High | 2024-03-25 |
| CVE-2023-6936 | Heap-buffer over-read with WOLFSSL_CALLBACKS — wolfSSL | - | 5.3 | Medium | 2024-02-20 |
| CVE-2023-6937 | Improper (D)TLS key boundary enforcement — wolfSSL | CWE-20 | 5.3 | Medium | 2024-02-15 |
| CVE-2023-6935 | Marvin Attack vulnerability in SP Math All RSA — wolfSSL | CWE-203 | 5.9 | Medium | 2024-02-09 |
| CVE-2023-3724 | TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension — wolfSSL | CWE-20 | 9.1 | Critical | 2023-07-17 |

This page lists every published CVE security advisory associated with wolfssl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.