WOLFSSL SECURITY VULNERABILITIES
This page lists known vulnerabilities for the wolfSSL embedded SSL/TLS library, wolfCrypt embedded crypto engine, and other wolfSSL products. Each vulnerability is linked to the description and CVE if available. Please contact us with any questions or concerns.
Known Vulnerabilities
The SSL protocol, along with the more recent TLS 1.2 protocol, are both well documented and under constant scrutiny by the top experts in security and cryptography. SSL was quickly adopted as a standard world wide. SSL and TLS together secure communications between billions of computers, servers, Internet of Things (IoT) devices, and embedded systems. The security provided by an SSL/TLS Library depends on the underlying strength of its cryptography which is used to encrypt communications.
| INFO | CVE ID | SEVERITY | DESCRIPTION | TIME TO FIX | FIXED IN VERSION |
|---|---|---|---|---|---|
| LINK | CVE-2018-16870 | Medium | Versions of wolfSSL prior to 3.15.7 are vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS, which may lead to leakage of sensible data. | 0 days | 3.15.7 |
| LINK | CVE-2018-12436 | Medium | Versions of wolfSSL up to and including 3.15.0 are vulnerable to a Key Extraction Side Channel Attack. A patch (wolfssl-3.15.1.patch) is available for download now on our website and a full release will be available next week containing the patch. | 0 days | 3.15.3 |
| LINK | CVE-2017-13099 | Medium | Versions of wolfSSL up to 3.12.2 have a weak Bleichenbacher vulnerability with suites that use an RSA-encrypted premaster secret. Discovered by Hanno Böck, Juraj Somorovsky, Craig Young. | 9 days | 3.13.0 |
| LINK | CVE-2017-2800 | Critical | Versions of wolfSSL before 3.11.0 have a possible out-of-bounds write by one from a crafted certificate being passed to the function wolfSSL_X509_NAME_get_text_by_NID. Discovered by Aleksandar Nikolic of Cisco Talos. | Fixed 20 days prior to CVE issuance | 3.11.0 |
| LINK | CVE-2017-8855 | High | In versions of wolfSSL before 3.11.0 there are cases where a malformed DH key is not rejected by the function wc_DhAgree. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America. | Fixed 5 days prior to CVE issuance | 3.11.0 |
| LINK | CVE-2017-8854 | High | Versions of wolfSSL before 3.10.2 have a possible out-of-bounds memory access when loading crafted DH parameters. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America. | Fixed 88 days prior to CVE issuance | 3.10.2 |
| LINK | CVE-2017-6076 | Medium | In versions of wolfSSL before 3.10.2 the software implementation makes it easier to extract RSA key information for a malicious user who has access to view the cache on a machine. | Fixed 13 days prior to CVE issuance | 3.10.2 |
| LINK | CVE-2016-7440 | Medium | Software AES table lookups do not properly consider cache-bank access times | Fixed 81 days prior to CVE issuance | 3.9.10 |
| LINK | CVE-2016-7439 | Medium | Software RSA does not properly consider cache-bank monitoring | Fixed 81 days prior to CVE issuance | 3.9.10 |
| LINK | CVE-2016-7438 | Medium | Software ECC does not properly consider cache-bank monitoring | Fixed 81 days prior to CVE issuance | 3.9.10 |
| LINK | CVE-2015-6925 | High | Potential DOS attack when using DTLS on the server side | Fixed 127 days prior to CVE issuance | 3.6.8 |
| LINK | CVE-2015-7744 | Medium | TLS servers using RSA with ephemeral keys may leak key bits on signature faults | Fixed 127 days prior to CVE issuance | 3.6.8 |
| LINK | CVE-2014-2903 | Medium | Server certificate not authorized for use in SSL/TLS handshake. CyaSSL does not check the key usage extension in leaf certificates. | Fixed 13 days prior to issuance | 2.9.4 |
| LINK | CVE-2014-2900 | Medium | Unknown critical certificate extension allowed | Fixed 13 days prior to issuance | 2.9.4 |
| LINK | CVE-2014-2899 | Medium | NULL pointer dereference on peer cert request after certificate parsing failure | Fixed 13 days prior to issuance | 2.9.4 |
| LINK | CVE-2014-2898 | Low | Out of bounds read on repeated calls to CyaSSL_read(), memory access error. | Fixed 13 days prior to issuance | 2.9.4 |
| LINK | CVE-2014-2897 | High | Out of bounds read, SSL 3.0 HMAC doesn't check padding length for verify failure | Fixed 13 days prior to issuance | 2.9.4 |
| LINK | CVE-2014-2896 | N/A | Memory corruption, possible out of bounds read on length check in DoAlert() | Fixed 13 days prior to issuance | 2.9.4 |
Known Attacks
As researchers and security professionals release new attacks against SSL/TLS protocol versions, algorithms, or cryptographic modes, we want to keep our users informed if wolfSSL is vulnerable or safe to such attacks.
| DATE | NAME | SEVERITY | WOLFSSL AFFECTED | ADDRESSED |
|---|---|---|---|---|
| 12.08.2017 | The ROBOT Attack | Medium | YES | YES |
| 08.24.2016 | SWEET32 Attack | TLS & SSH - High OpenVPN - Medium |
YES | YES |
| 03.01.2016 | DROWN Attack | Medium | NO | N/A |
| 01.07.2016 | SLOTH Attack | Medium | NO | N/A |
| 08.11.2015 | Pandora's Box Attack | N/A | NO | N/A |
| 07.09.2015 | Logjam Attack | Critical | NO | N/A |
| 03.30.2015 | Bar Mitzvah Attack | Medium | YES | YES |
| 03.04.2015 | FREAK Attack | Medium for all implementations | YES | N/A |
| 12.12.2014 | POODLE Bites Again | Medium | NO | N/A |
| 10.14.2014 | POODLE: Padding Oracle On Downgraded Legacy Encryption | Medium | YES | YES |
| 04.09.2014 | Heartbleed Bug | Medium | NO | N/A |
| 02.05.2014 | Lucky 13 Attack | Low | YES | YES |
| 09.24.2012 | CRIME Attack | Low | YES | YES |
| 05.13.2011 | BEAST Attack | Medium | YES | YES |
Contact Us
Email: facts@wolfssl.com
Phone: +1 (425) 245-8247