Affected Users: wolfSSH with SFTP enabled on the server side before version 1.4.21. Summary: A stack overflow vulnerability was discovered in wolfSSH’s SFTP server implementation. After an SFTP connection is established, a malicious SFTP client could send a specially crafted read, write, or set state SFTP packet that would cause the SFTP server code to […]
Read MoreMore TagMonth: January 2026
Bringing FIPS 140-3 to Proxmox Virtual Environments with wolfCrypt-FIPS
Organizations in government, healthcare, finance, and critical infrastructure sectors are required to meet stringent compliance standards, and FIPS 140-3 certification has become a key requirement for cryptographic modules used in regulated environments. wolfSSL is uniquely positioned to help bring this level of certification to Proxmox Virtual Environment (PVE), one of the most popular open-source virtualization […]
Read MoreMore TagThe DEADBEEF RNG Example Revisited
A while ago we had made a blog post and a patch that showed how someone could integrate their new RNG (Random Number Generator) into our wolfCrypt library. That methodology works, but it has a fairly obvious flaw. It assumed your RNG included the DRBG (Deterministic Random Bit Generator) as part of its implementation. You […]
Read MoreMore TagVulnerability Disclosure: wolfSSL (CVE-2025-7395)
Affected Users: Anyone using wolfSSL on Apple platforms with versions after 5.6.4 and before 5.8.0, specifically when built with WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION enabled (default for non-macOS Apple targets when using autotools or CMake). Summary: When using system CA certificates and Apple native certificate validation on Apple platforms, the native trust store verification routine incorrectly overrides […]
Read MoreMore TagKick Off 2026 with wolfSSL: Two-Part Getting Started with wolfSSL Webinar
Learn how to build, configure, and debug secure TLS applications with wolfSSL. Join us for this two-part technical webinar series, Getting Started with wolfSSL. These sessions walk through the fundamentals of wolfSSL—from building the library to integrating TLS into real applications. Led by wolfSSL Engineering Manager Chris Conlon, the series focuses on practical concepts, core […]
Read MoreMore TagCrypto-Agility in the LMS Private Key
Here at wolfSSL, we have enhanced our Leighton-Micali Signature (LMS) implementation with a new optional state serialization feature that significantly improves key reload performance for applications requiring frequent signing operations. The LMS post-quantum signature scheme is stateful by nature, meaning each signature operation updates the internal state of the private key, and this state must […]
Read MoreMore Tag